- Spring security supports Remember-Me feature
- Once the Remember-Me feature is enabled, a cookie base64(username + “:" + expirationTime + “:" + md5Hex(username + “:" + expirationTime + “:" password + “:" + key)) is sent to the browser after successful authentication at login
- Browser sends the received authentication cookie with every request to the server
- Spring security retrieves the password from the database for the logged in username
- Evaluates md5Hex() for the username, password along with expiration time and key and matches it with the supplied cookie
- If the evaluated values match with the supplied cookie, the user automatically gets logged in
Enabling Remember-Me Authentication
Integrating Spring Security with JAAS
- Spring Security contains a package to delegate authentication requests to JAAS
- Spring Security’s authentication process takes the username and password provided by the user and stores it in the authentication object
- Each authentication object contains one principle
JAAS package components
- Authentication
- AuthenticationProvider
- LoginContext
- AuthorityGranter
- JaasAuthenticationToken
JAAS based Classes and Interfaces
- org.springframework.security.authentication.jaas
- AbstractJaasAuthenticationProvider
- AuthorityGranter
- DefaultJaasAuthenticationProvider
- DefaultLoginExceptionResolver
- JaasAuthenticationCallbackHandler
- JaasAuthenticationToken
- JaasGrantedAuthority
- JaasNameCallbackHandler
- LoginExceptionResolver
- SecurityContextLoginModule
Cheng® 