Remember-me authentication
We will be reusing and enhancing the example that we built in Chapter 2, Deep Diving into Spring Security (jetty-db-basic-authentication
), to explain how Spring Security can be used to achieve remember me, or persistent login, functionality. In the example that we are going to reuse, we have used basic authentication, in which user credentials are stored in a MySQL database.
Remember me functionality is achieved in Spring Security by sending cookies to the browser when the user chooses to remember his/her credentials on the client side. The cookie can be configured to be stored in the browser for a stipulated time. If the cookie exists and is valid, the next time the user accesses the application, they are taken straight to the user's home page and avoid explicit authentication with a username/password combination.
Remember me functionality can be achieved using two approaches:
- Hash-based tokens: Username, expiry time, password, and a private key are hashed and send...