org.jboss.seam.security
Class RememberMe
java.lang.Object
org.jboss.seam.security.RememberMe
- All Implemented Interfaces:
- Serializable
@Name(value="org.jboss.seam.security.rememberMe")
@Scope(value=SESSION)
@Install(precedence=0,
classDependencies="javax.faces.context.FacesContext")
@BypassInterceptors
public class RememberMe
- extends Object
- implements Serializable
Remember-me functionality is provided by this class, in two different flavours. The first mode
provides username-only persistence, and is considered to be secure as the user (or their browser)
is still required to provide a password. The second mode provides an auto-login feature, however
is NOT considered to be secure and is vulnerable to XSS attacks compromising the user's account.
Use the auto-login mode with caution!
- Author:
- Shane Bryzak
- See Also:
- Serialized Form
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
RememberMe
public RememberMe()
getMode
public RememberMe.Mode getMode()
setMode
public void setMode(RememberMe.Mode mode)
isEnabled
public boolean isEnabled()
setEnabled
public void setEnabled(boolean enabled)
getCookieMaxAge
public int getCookieMaxAge()
setCookieMaxAge
public void setCookieMaxAge(int cookieMaxAge)
getTokenStore
public TokenStore getTokenStore()
setTokenStore
public void setTokenStore(TokenStore tokenStore)
create
@Create
public void create()
generateTokenValue
protected String generateTokenValue()
encodeToken
protected String encodeToken(String username,
String value)
getCookiePath
public String getCookiePath()
initCredentials
@Observer(value="org.jboss.seam.security.initCredentials")
public void initCredentials(Credentials credentials)
quietLogin
@Observer(value="org.jboss.seam.security.quietLogin")
public void quietLogin()
loggedOut
@Observer(value="org.jboss.seam.security.loggedOut")
public void loggedOut()
postAuthenticate
@Observer(value="org.jboss.seam.security.postAuthenticate")
public void postAuthenticate(Identity identity)
credentialsUpdated
@Observer(value="org.jboss.seam.security.credentialsUpdated")
public void credentialsUpdated()
isAutoLoggedIn
public boolean isAutoLoggedIn()
- A flag that an application can use to protect sensitive operations if the user has been
auto-authenticated.
Copyright © 2011 Seam Framework. All Rights Reserved.