1
1
.
.
8
8
.
.
2
2
L
L
o
o
g
g
i
i
n
n
F
F
o
o
r
r
m
m
-
-
C
C
u
u
s
s
t
t
o
o
m
m
I
I
n
n
f
f
o
o
This tutorial shows how to use Remember Me Cookie for Custom Login Form.
This requires you to manually add additional checkbox to your Custom Login Form (as shown below).
After successful Authentication through Custom Login Form, Remember Me Cookie will be stored in the User's Browser.
Remember Me Cookie will keep the User logged in permanently (even if Session Cookie has expired or was deleted).
That way next time User sends HTTP Request it will not have to Login again.
SecurityConfig.java
@RequiredArgsConstructor
private final UserDetailsService userDetailsService;
httpSecurity.rememberMe().key("something").userDetailsService(userDetailsService);
MyLogin.html
<input type="checkbox" name="remember-me"/>
Application Schema [Results]
Spring Boot Starters
GROUP
DEPENDENCY
DESCRIPTION
Web
Spring Web
Enables @Controller, @RequestMapping and Tomcat Server.
Security
Spring Security
Enables Spring Security.
Template Engines
Thyemeleaf
Enables Controller to return reference HTML Page index.html
Developer Tools
Lombok
Enables @Data which generate helper methods (setters, getters, ...)
MyLogin.html
http://localhost:8080/MyLogin
Tomcat
MyController
http://localhost:8080/SayHello
sayHello()
myLogin()
SecurityConfig
P
P
r
r
o
o
c
c
e
e
d
d
u
u
r
r
e
e
Create Project: springboot_security_remmberme (add Spring Boot Starters from the table)
Edit File: application.properties (add Role, User, Password)
Create Package: config (inside main package)
– Create Class: SecurityConfig.java (inside package config)
Create Package: controllers (inside main package)
– Create Class: MyController.java (inside package controllers)
application.properties
# SECURITY
spring.security.user.name = myuser
spring.security.user.password = mypassword
spring.security.user.roles = USER
SecurityConfig.java
package com.example.springboot_security_rememberme_customform.config;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private final UserDetailsService userDetailsService;
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
//ENABLE REMEMBER ME COOKIE
httpSecurity.rememberMe().key("something").userDetailsService(userDetailsService);
//DISABLE CSRF
httpSecurity.csrf().disable();
//SPECIFY ACCESS TO ENDPOINTS
httpSecurity.authorizeRequests()
.antMatchers("/SayHello").hasRole("USER");
//CUSTOM LOGIN FORM
httpSecurity.formLogin()
.loginPage("/MyLogin")
.loginProcessingUrl("/login");
}
}
MyController.java
package com.example.springboot_security_rememberme_customform.controllers;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller
public class MyController {
@ResponseBody
@RequestMapping("/SayHello")
public String sayHello() {
return "Hello from Controller";
}
@RequestMapping("/MyLogin")
public String myLogin() {
return "MyLogin";
}
}
MyLogin.html
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<title> MY LOGIN </title>
<style type="text/css">
div { display:flex; flex-direction:column; align-items:center; border: solid 1pt; margin: 10pt 50pt;
background-color: aliceblue }
</style>
<div>
<h2> MY LOGIN </h2>
<form method="POST" action="login">
<p> <input type="text" name="username" placeholder="username" /> </p>
<p> <input type="text" name="password" placeholder="password" /> </p>
<p> <input type="checkbox" name="remember-me" /> </p>
<p> <input type="submit" name="addAuthor" value="Log In" style="width:100%" /> </p>
</form>
</div>
R
R
e
e
s
s
u
u
l
l
t
t
s
s
http://localhost:8080/SayHello
You get redirected to http://localhost:8080/MyLogin
– Username: myuser
– Password: mypassword
– Remember Me: CHECK
– Sign in
You get redirected back to http://localhost:8080/SayHello
Customize and control Google Chrome
– More Tools
– Developer Tools
– Application
– Cookies
– http://localhost:8080
Delete Cookie: JSESSIONID
– http://localhost:8080/SayHello (you can access Page without logging in because remember-me Cookie is used)
http://localhost:8080/login http://localhost:8080/SayHello
remember-me Cookie