egovframework.rfc3.iam.security.authentication
Class NullRememberMeServices

java.lang.Object
  extended by egovframework.rfc3.iam.security.authentication.NullRememberMeServices
All Implemented Interfaces:
RFC3RememberMeServices

public class NullRememberMeServices
extends java.lang.Object
implements RFC3RememberMeServices

Implementation of NullRememberMeServices that does nothing.

Used as a default by several framework classes.

Author:
Ben Alex

Constructor Summary
NullRememberMeServices()
           
 
Method Summary
 org.springframework.security.core.Authentication autoLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          This method will be called whenever the SecurityContextHolder does not contain an Authentication object and Spring Security wishes to provide an implementation with an opportunity to authenticate the request using remember-me capabilities.
 void loginFail(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Called whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid.
 void loginSuccess(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication successfulAuthentication)
          Called whenever an interactive authentication attempt is successful.
 org.springframework.security.core.Authentication onCookiesValidate(java.lang.String cookieName, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          생성된 인증 쿠기 유효 여부 및 실시간 업데이트 하기
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

NullRememberMeServices

public NullRememberMeServices()
Method Detail

autoLogin

public org.springframework.security.core.Authentication autoLogin(javax.servlet.http.HttpServletRequest request,
                                                                  javax.servlet.http.HttpServletResponse response)
Description copied from interface: RFC3RememberMeServices
This method will be called whenever the SecurityContextHolder does not contain an Authentication object and Spring Security wishes to provide an implementation with an opportunity to authenticate the request using remember-me capabilities. Spring Security makes no attempt whatsoever to determine whether the browser has requested remember-me services or presented a valid cookie. Such determinations are left to the implementation. If a browser has presented an unauthorised cookie for whatever reason, it should be silently ignored and invalidated using the HttpServletResponse object.

The returned Authentication must be acceptable to AuthenticationManager or AuthenticationProvider defined by the web application. It is recommended RememberMeAuthenticationToken be used in most cases, as it has a corresponding authentication provider.

Specified by:
autoLogin in interface RFC3RememberMeServices
Parameters:
request - to look for a remember-me token within
response - to change, cancel or modify the remember-me token
Returns:
a valid authentication object, or null if the request should not be authenticated

onCookiesValidate

public org.springframework.security.core.Authentication onCookiesValidate(java.lang.String cookieName,
                                                                          javax.servlet.http.HttpServletRequest request,
                                                                          javax.servlet.http.HttpServletResponse response)
Description copied from interface: RFC3RememberMeServices
생성된 인증 쿠기 유효 여부 및 실시간 업데이트 하기

Specified by:
onCookiesValidate in interface RFC3RememberMeServices
Returns:

loginFail

public void loginFail(javax.servlet.http.HttpServletRequest request,
                      javax.servlet.http.HttpServletResponse response)
Description copied from interface: RFC3RememberMeServices
Called whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid. Implementations should invalidate any and all remember-me tokens indicated in the HttpServletRequest.

Specified by:
loginFail in interface RFC3RememberMeServices
Parameters:
request - that contained an invalid authentication request
response - to change, cancel or modify the remember-me token

loginSuccess

public void loginSuccess(javax.servlet.http.HttpServletRequest request,
                         javax.servlet.http.HttpServletResponse response,
                         org.springframework.security.core.Authentication successfulAuthentication)
Description copied from interface: RFC3RememberMeServices
Called whenever an interactive authentication attempt is successful. An implementation may automatically set a remember-me token in the HttpServletResponse, although this is not recommended. Instead, implementations should typically look for a request parameter that indicates the browser has presented an explicit request for authentication to be remembered, such as the presence of a HTTP POST parameter.

Specified by:
loginSuccess in interface RFC3RememberMeServices
Parameters:
request - that contained the valid authentication request
response - to change, cancel or modify the remember-me token
successfulAuthentication - representing the successfully authenticated principal