Spring security remember me

Spring security provides the “Remember Me” feature. The “Remember Me” is a login feature, which means that the system will remember the user and perform automatic login even after the user’s session is expired. In the below example we are implementing this feature of spring security.

Directory Structure

pom.xml file


  4.0.0
  w3spoint
  SpringSecurity04
  war
  0.0.1-SNAPSHOT
  SpringSecurityld Maven Webapp
  http://maven.apache.org
  
  
  	5.0.2.RELEASE
  	5.0.0.RELEASE
  	1.2
  
  
  
    
      junit
      junit
      3.8.1
      test
    
    
	
		org.springframework
		spring-core
		${spring.version}
	

	
		org.springframework
		spring-web
		${spring.version}
	

	
		org.springframework
		spring-webmvc
		${spring.version}
	

	
	
		org.springframework.security
		spring-security-web
		${spring.security.version}
	

	
		org.springframework.security
		spring-security-config
		${spring.security.version}
	

	
	
		jstl
		jstl
		${jstl.version}
	
	
	
	  
	    javax.servlet  
	    javax.servlet-api  
	    3.1.0  
	    provided  
	  
  
  
    
      
    	
        org.apache.maven.plugins
        maven-compiler-plugin
        3.7.0
        
          1.8
          1.8
        
      
      
          
            org.apache.maven.plugins  
            maven-war-plugin  
            2.6  
              
                false

AppConfig.java

package com.w3schools360.config;

import org.springframework.context.annotation.Bean;  
import org.springframework.context.annotation.ComponentScan;  
import org.springframework.context.annotation.Configuration;  
import org.springframework.web.servlet.config.annotation.EnableWebMvc;  
import org.springframework.web.servlet.view.InternalResourceViewResolver;  
import org.springframework.web.servlet.view.JstlView;  
  
@EnableWebMvc  
@Configuration  
@ComponentScan({ "com.w3schools360.controller.*" })  
public class AppConfig {  
    @Bean  
    public InternalResourceViewResolver viewResolver() {  
        InternalResourceViewResolver viewResolver  
                          = new InternalResourceViewResolver();  
        viewResolver.setViewClass(JstlView.class);  
        viewResolver.setPrefix("/WEB-INF/views/");  
        viewResolver.setSuffix(".jsp");  
        return viewResolver;  
    }  
}

SecurityConfig.java

Spring security configuration file. It will contains the security configurations. It creates a springSecurityFilterChain which is a servlet filter.

package com.w3schools360.config;

import org.springframework.context.annotation.*;   
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.*;  
import org.springframework.security.core.userdetails.User;  
import org.springframework.security.core.userdetails.UserDetailsService;  
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;  

@EnableWebSecurity
@ComponentScan("com.w3schools360") 
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean  
    public UserDetailsService userDetailsService() {  
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();  
        manager.createUser(User.withDefaultPasswordEncoder()  
        .username("jai").password("123456").roles("ADMIN").build());  
        return manager;  
    }  
	
	@Override
	protected void configure(HttpSecurity http) throws Exception {
	      http.authorizeRequests().  
	      antMatchers("/index","/").permitAll()  
	      .antMatchers("/admin").authenticated()  
	      .and()  
	      .formLogin()  
	      .loginPage("/login")  
	      .and()  
	      .rememberMe()  
	      .key("rem-me-key")  
	      .rememberMeParameter("remember") //Name of checkbox at login page  
	      .rememberMeCookieName("rememberlogin") //Cookie name
	      .tokenValiditySeconds(300) //Remember login credentials for number of seconds 
	      .and()  
	      .logout()  
	      .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));    		
	}
}

SpringSecurityInitializer.java

Now we have to create a class which extends AbstractSecurityWebApplicationInitializer, it will load the springSecurityFilterChain automatically.

package com.w3schools360.config.core;

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

public class SpringSecurityInitializer  extends AbstractSecurityWebApplicationInitializer{

}

SpringMvcInitializer.java

It is initializer class which will load everything.

package com.w3schools360.config.core;

import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
import com.w3schools360.config.SecurityConfig;

public class SpringMvcInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
	@Override
	protected Class[] getRootConfigClasses() {
		return new Class[] { SecurityConfig.class };
	}

	@Override
	protected Class[] getServletConfigClasses() {
		// TODO Auto-generated method stub
		return null;
	}

	@Override
	protected String[] getServletMappings() {
		return new String[] { "/" };
	}
}

LoginController.java

package com.w3schools360.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;

@SuppressWarnings("unused")
@Controller
public class LoginController {
    @RequestMapping(value="/", method=RequestMethod.GET)    
    public String index() {    	            
        return "index";    
    }   
 
    @RequestMapping(value="/login", method=RequestMethod.GET)    
    public String login() {    	            
        return "login";    
    }    
    
    @RequestMapping(value="/admin", method=RequestMethod.GET)    
    public String admin() {    	            
        return "admin";    
    }    
}

index.jsp file

<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>


	Spring MVC + Spring Security	
	Login here

login.jsp file

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>  
  
         
              
          
            Invalid username and password.  
          
      
             
          
            You have been logged out.  
          
      
      
        Username  
              
      
      
        Password  
              
      
      
         Remember me

admin.jsp file

<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>


	Spring MVC + Spring Security	
	Admin login successfully.	
	Logout

Run the application on server.
We add spring security on admin page, so when we hit http://localhost:8080/SpringSecurity04/. Browser will open index page.

Click on Login here link. Custom login page will open. Enter credentials, check the Remember me check box and click on login
Spring security

Successfully login
Spring security

Close the browser and hit http://localhost:8080/SpringSecurity04/admin. Application will take you on admin page without asking to login again. This is what Remember me functionality do.

Alex Martin