Lesson 1: A Simple Remember Me Flow
1. Main Goal
The focus here is to implement a very simple remember-me flow for our login page.
2. Lesson Notes
If you're using the git repository to get the project - you should be using the module3 branch.
The relevant module you need to import when you're starting with this lesson is: lssc-module3/m3-lesson1
If you want to skip and see the complete implementation, feel free to jump ahead and import: lssc-module3/m3-lesson2
The credentials used in the code of this lesson are: [email protected]/pass (data.sql).
2.1. Basic Remember-Me
First, we’re going to enable the basic remember-me functionality in the security config:
.rememberMe().key("lssAppKey")
We are then going to add the remember-me checkbox on the login page:
<input id="remember" type="checkbox" name="remember-me" value="true" />
Finally, we are going to test by following two scenarios:
Scenario 1:
- log in without remember-me
- remove the JSESSIONID cookie manually
- refresh the page => we should be redirected to login
Scenario 2:
- log in with remember-me
- remove the JSESSIONID cookie manually
- refresh the page => we should now remain logged in
2.2. Upgrade Notes
As we've mentioned in the previous lessons, since Spring Boot 2, we have to specify the password encryption. This means that we should also set it explicitly when configuring the authentication manager:
@Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder()); }