Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Tidying up Javadoc.

This commit is contained in:
Luke Taylor 2008-12-16 20:29:53 +00:00
parent a1bd48733a
commit d0fcbd9baf
1 changed files with 13 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
core/src/main/java/org/springframework/security/ui/rememberme/RememberMeServices.java
View File

@ -25,27 +25,19 @@ import javax.servlet.http.HttpServletResponse;
* Implement by a class that is capable of providing a remember-me service.
*
* <p>
* Spring Security filters (namely {@link
* org.springframework.security.ui.AbstractProcessingFilter} and {@link
* org.springframework.security.ui.rememberme.RememberMeProcessingFilter} will call
* Spring Security filters (namely {@link org.springframework.security.ui.AbstractProcessingFilter} and
* {@link org.springframework.security.ui.rememberme.RememberMeProcessingFilter} will call
* the methods provided by an implementation of this interface.
* </p>
*
* <p>
* Implementations may implement any type of remember-me capability they wish.
* Rolling cookies (as per <a href="http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice">
* http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice</a>)
* can be used, as can simple implementations that don't require a persistent
* store. Implementations also determine the validity period of a remember-me
* cookie. This interface has been designed to accommodate any of these
* can be used, as can simple implementations that don't require a persistent store. Implementations also determine
* the validity period of a remember-me cookie. This interface has been designed to accommodate any of these
* remember-me models.
* </p>
*
* <p>
* This interface does not define how remember-me services should offer a
* "cancel all remember-me tokens" type capability, as this will be
* implementation specific and requires no hooks into Spring Security.
* </p>
* This interface does not define how remember-me services should offer a "cancel all remember-me tokens" type
* capability, as this will be implementation specific and requires no hooks into Spring Security.
*
* @author Ben Alex
* @version $Id$
@ -60,11 +52,13 @@ public interface RememberMeServices {
* whatsoever to determine whether the browser has requested remember-me services or presented a valid cookie.
* Such determinations are left to the implementation. If a browser has presented an unauthorised cookie for
* whatever reason, it should be silently ignored and invalidated using the <code>HttpServletResponse</code>
* object.<p>The returned <code>Authentication</code> must be acceptable to {@link
* org.springframework.security.AuthenticationManager} or
* {@link org.springframework.security.providers.AuthenticationProvider} defined by the web application. It is recommended {@link
* org.springframework.security.providers.rememberme.RememberMeAuthenticationToken} be used in most cases, as it has a
* corresponding authentication provider.</p>
* object.
* <p>
* The returned <code>Authentication</code> must be acceptable to
* {@link org.springframework.security.AuthenticationManager} or
* {@link org.springframework.security.providers.AuthenticationProvider} defined by the web application.
* It is recommended {@link org.springframework.security.providers.rememberme.RememberMeAuthenticationToken} be
* used in most cases, as it has a corresponding authentication provider.
*
* @param request to look for a remember-me token within
* @param response to change, cancel or modify the remember-me token