1. Main Goal

The focus here is to implement a very simple remember-me flow for our login page.

2. Lesson Notes

If you're using the git repository to get the project - you should be using the module3 branch.

The relevant module you need to import when you're starting with this lesson is: m3-lesson1

If you want to skip and see the complete implementation, feel free to jump ahead and import: m3-lesson2

The credentials used in the code of this lesson are: [email protected]/pass (data.sql).

2.1. Basic Remember-Me

First, we’re going to enable the basic remember-me functionality in the security config:

.rememberMe().key("lssAppKey")

We are then going to add the remember-me checkbox on the login page:

<input id="remember" type="checkbox" name="remember-me" value="true" />

Finally, we are going to test by following two scenarios:

Scenario 1:

log in without remember-me
remove the JSESSIONID cookie manually
refresh the page => we should be redirected to login

Scenario 2:

log in with remember-me
remove the JSESSIONID cookie manually
refresh the page => we should now remain logged in

2.2. Differences in Boot 2

As we've mentioned in the previous lessons, in Spring Boot 2 we have to specify the password encryption. This means that we should also set it explicitly when configuring the authentication manager:

@Autowired 
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { 
    auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}

3. Resources

- Remember Me in the Official Reference

LSS - A Simple Remember Me Flow - transcript.pdf

Learn Spring Security: The Master Class (Legacy)

Lesson 1: A Simple Remember Me Flow

1. Main Goal

2. Lesson Notes

2.1. Basic Remember-Me

2.2. Differences in Boot 2

3. Resources