org.jboss.seam.security
Class RememberMe

java.lang.Object
  extended by org.jboss.seam.security.RememberMe
All Implemented Interfaces:
Serializable

@Name(value="org.jboss.seam.security.rememberMe")
@Scope(value=SESSION)
@Install(precedence=0,
         classDependencies="javax.faces.context.FacesContext")
@BypassInterceptors
public class RememberMe
extends Object
implements Serializable

This class provides remember-me functionality in two different flavours. The first mode provides username-only persistence and is considered secure, because the user (or their browser) is still required to provide a password. The second mode provides an auto-login feature; however, it is NOT considered secure and is vulnerable to XSS attacks that compromise the user's account. Use the auto-login mode with caution!

Author:
Shane Bryzak
See Also:
Serialized Form

Nested Class Summary
static class RememberMe.Mode
           
 
Constructor Summary
RememberMe()
           
 
Method Summary
 void create()
           
 void credentialsUpdated()
           
protected  String encodeToken(String username, String value)
           
protected  String generateTokenValue()
           
 int getCookieMaxAge()
           
 String getCookiePath()
           
 RememberMe.Mode getMode()
           
 TokenStore getTokenStore()
           
 void initCredentials(Credentials credentials)
           
 boolean isAutoLoggedIn()
          A flag that an application can use to protect sensitive operations if the user has been auto-authenticated.
 boolean isEnabled()
           
 void loggedOut()
           
 void postAuthenticate(Identity identity)
           
 void quietLogin()
           
 void setCookieMaxAge(int cookieMaxAge)
           
 void setEnabled(boolean enabled)
           
 void setMode(RememberMe.Mode mode)
           
 void setTokenStore(TokenStore tokenStore)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RememberMe

public RememberMe()

Method Detail

getMode

public RememberMe.Mode getMode()

setMode

public void setMode(RememberMe.Mode mode)

isEnabled

public boolean isEnabled()

setEnabled

public void setEnabled(boolean enabled)

getCookieMaxAge

public int getCookieMaxAge()

setCookieMaxAge

public void setCookieMaxAge(int cookieMaxAge)

getTokenStore

public TokenStore getTokenStore()

setTokenStore

public void setTokenStore(TokenStore tokenStore)

create

@Create
public void create()

generateTokenValue

protected String generateTokenValue()

encodeToken

protected String encodeToken(String username,
                             String value)

getCookiePath

public String getCookiePath()

initCredentials

@Observer(value="org.jboss.seam.security.initCredentials")
public void initCredentials(Credentials credentials)

quietLogin

@Observer(value="org.jboss.seam.security.quietLogin")
public void quietLogin()

loggedOut

@Observer(value="org.jboss.seam.security.loggedOut")
public void loggedOut()

postAuthenticate

@Observer(value="org.jboss.seam.security.postAuthenticate")
public void postAuthenticate(Identity identity)

credentialsUpdated

@Observer(value="org.jboss.seam.security.credentialsUpdated")
public void credentialsUpdated()

isAutoLoggedIn

public boolean isAutoLoggedIn()
A flag that an application can use to protect sensitive operations if the user has been auto-authenticated.
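
One way an application might use the isAutoLoggedIn() flag to protect sensitive operations when auto-login mode is enabled. This is an added example, not code from Seam or its documentation; the component name sensitiveOperationGuard, the class SensitiveOperationGuard and its method names are hypothetical, and it assumes the Seam 2 security classes are on the classpath.

```java
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.security.AuthorizationException;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.NotLoggedInException;
import org.jboss.seam.security.RememberMe;

// Hypothetical application component (not part of Seam): refuses sensitive
// operations when the session was authenticated by the remember-me token
// rather than by the user supplying a password.
@Name("sensitiveOperationGuard")
@Scope(ScopeType.EVENT)
public class SensitiveOperationGuard {

    // RememberMe is registered under this component name (see its @Name above).
    @In(value = "org.jboss.seam.security.rememberMe", create = true)
    private RememberMe rememberMe;

    /** True when the user is logged in and was not auto-authenticated. */
    public boolean isPasswordAuthenticated() {
        return Identity.instance().isLoggedIn() && !rememberMe.isAutoLoggedIn();
    }

    /**
     * Call at the start of any sensitive action (password or e-mail change,
     * payment, and so on). A stolen auto-login cookie then yields a session
     * that cannot reach these actions without the password.
     */
    public void requirePasswordLogin() {
        if (!Identity.instance().isLoggedIn()) {
            throw new NotLoggedInException();
        }
        if (rememberMe.isAutoLoggedIn()) {
            throw new AuthorizationException(
                    "Please re-enter your password to continue");
        }
    }
}
```

The application decides how to handle the AuthorizationException, for example by sending the user to a page that asks for the password again.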



Copyright © 2011 Seam Framework. All Rights Reserved.