| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> |
| <!-- NewPage --> |
| <html lang="en"> |
| <head> |
| <title>RememberMe</title> |
| <link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style"> |
| <script type="text/javascript" src="../../../../../../script.js"></script> |
| </head> |
| <body> |
| <script type="text/javascript"><!-- |
| try { |
| if (location.href.indexOf('is-external=true') == -1) { |
| parent.document.title="RememberMe"; |
| } |
| } |
| catch(err) { |
| } |
| //--> |
| </script> |
| <noscript> |
| <div>JavaScript is disabled on your browser.</div> |
| </noscript> |
| <!-- ========= START OF TOP NAVBAR ======= --> |
| <div class="topNav"><a name="navbar.top"> |
| <!-- --> |
| </a> |
| <div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div> |
| <a name="navbar.top.firstrow"> |
| <!-- --> |
| </a> |
| <ul class="navList" title="Navigation"> |
| <li><a href="../../../../../../overview-summary.html">Overview</a></li> |
| <li><a href="package-summary.html">Package</a></li> |
| <li class="navBarCell1Rev">Class</li> |
| <li><a href="package-tree.html">Tree</a></li> |
| <li><a href="../../../../../../deprecated-list.html">Deprecated</a></li> |
| <li><a href="../../../../../../index-all.html">Index</a></li> |
| <li><a href="../../../../../../help-doc.html">Help</a></li> |
| </ul> |
| </div> |
| <div class="subNav"> |
| <ul class="navList"> |
| <li><a href="../../../../../../javax/security/enterprise/authentication/mechanism/http/LoginToContinue.html" title="annotation in javax.security.enterprise.authentication.mechanism.http"><span class="typeNameLink">Prev Class</span></a></li> |
| <li>Next Class</li> |
| </ul> |
| <ul class="navList"> |
| <li><a href="../../../../../../index.html?javax/security/enterprise/authentication/mechanism/http/RememberMe.html" target="_top">Frames</a></li> |
| <li><a href="RememberMe.html" target="_top">No Frames</a></li> |
| </ul> |
| <ul class="navList" id="allclasses_navbar_top"> |
| <li><a href="../../../../../../allclasses-noframe.html">All Classes</a></li> |
| </ul> |
| <div> |
| <script type="text/javascript"><!-- |
| allClassesLink = document.getElementById("allclasses_navbar_top"); |
| if(window==top) { |
| allClassesLink.style.display = "block"; |
| } |
| else { |
| allClassesLink.style.display = "none"; |
| } |
| //--> |
| </script> |
| </div> |
| <div> |
| <ul class="subNavList"> |
| <li>Summary: </li> |
| <li>Field | </li> |
| <li>Required | </li> |
| <li><a href="#annotation.type.optional.element.summary">Optional</a></li> |
| </ul> |
| <ul class="subNavList"> |
| <li>Detail: </li> |
| <li>Field | </li> |
| <li><a href="#annotation.type.element.detail">Element</a></li> |
| </ul> |
| </div> |
| <a name="skip.navbar.top"> |
| <!-- --> |
| </a></div> |
| <!-- ========= END OF TOP NAVBAR ========= --> |
| <!-- ======== START OF CLASS DATA ======== --> |
| <div class="header"> |
| <div class="subTitle">javax.security.enterprise.authentication.mechanism.http</div> |
| <h2 title="Annotation Type RememberMe" class="title">Annotation Type RememberMe</h2> |
| </div> |
| <div class="contentContainer"> |
| <div class="description"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <hr> |
| <br> |
| <pre>@Inherited |
| <a href="../../../../../../javax/interceptor/InterceptorBinding.html" title="annotation in javax.interceptor">@InterceptorBinding</a> |
| @Retention(value=RUNTIME) |
| @Target(value=TYPE) |
| public @interface <span class="memberNameLabel">RememberMe</span></pre> |
| <div class="block">The RememberMe annotation provides an application the ability to declaratively designate |
| that an authentication mechanism effectively "remembers" the authentication and auto |
| applies this with every request. |
| |
| <p> |
| For the remember me function the credentials provided by the caller are exchanged for a (long-lived) token |
| which is send to the user as the value of a cookie, in a similar way to how the HTTP session ID is send. |
| It should be realized that this token effectively becomes the credential to establish the caller's |
| identity within the application and care should be taken to handle and store the token securely. E.g. |
| by using this feature with a secure transport (SSL/HTTPS), storing a strong hash instead of the actual |
| token, and implementing an expiration policy. |
| |
| <p> |
| The token is vended by a special purpose <a href="../../../../../../javax/security/enterprise/identitystore/IdentityStore.html" title="interface in javax.security.enterprise.identitystore"><code>IdentityStore</code></a>-like artifact; an implementation of the |
| <a href="../../../../../../javax/security/enterprise/identitystore/RememberMeIdentityStore.html" title="interface in javax.security.enterprise.identitystore"><code>RememberMeIdentityStore</code></a>. |
| |
| <p> |
| This support is provided via an implementation of an interceptor spec interceptor that conducts the |
| necessary logic. |
| |
| <p> |
| Example: |
| |
| <pre> |
| <code> |
| @RequestScoped |
| @RememberMe |
| public class CustomAuthenticationMechanism implements HttpAuthenticationMechanism { |
| // ... |
| } |
| </code> |
| </pre> |
| |
| <p> |
| EL expressions in attributes of type <code>String</code> are evaluated for every request requiring |
| authentication. Both immediate and deferred syntax is supported, but effectively the semantics |
| are always deferred. |
| |
| <p> |
| <b>Note:</b> this facility <em>DOES NOT</em> constitute any kind of "session management" system, but instead |
| represents a special purpose authentication mechanism using a long-lived token, that is vended and validated by the |
| <a href="../../../../../../javax/security/enterprise/identitystore/RememberMeIdentityStore.html" title="interface in javax.security.enterprise.identitystore"><code>RememberMeIdentityStore</code></a>.</div> |
| </li> |
| </ul> |
| </div> |
| <div class="summary"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- =========== ANNOTATION TYPE OPTIONAL MEMBER SUMMARY =========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="annotation.type.optional.element.summary"> |
| <!-- --> |
| </a> |
| <h3>Optional Element Summary</h3> |
| <table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Optional Element Summary table, listing optional elements, and an explanation"> |
| <caption><span>Optional Elements</span><span class="tabEnd"> </span></caption> |
| <tr> |
| <th class="colFirst" scope="col">Modifier and Type</th> |
| <th class="colLast" scope="col">Optional Element and Description</th> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>boolean</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../javax/security/enterprise/authentication/mechanism/http/RememberMe.html#cookieHttpOnly--">cookieHttpOnly</a></span></code> |
| <div class="block">Flag to indicate that the remember me cookie should not be exposed to |
| client-side scripting code, and should only be sent with HTTP requests.</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../javax/security/enterprise/authentication/mechanism/http/RememberMe.html#cookieHttpOnlyExpression--">cookieHttpOnlyExpression</a></span></code> |
| <div class="block">EL expression variant of <code>cookieHttpOnly()</code>.</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>int</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../javax/security/enterprise/authentication/mechanism/http/RememberMe.html#cookieMaxAgeSeconds--">cookieMaxAgeSeconds</a></span></code> |
| <div class="block">Max age in seconds for the remember me cookie.</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../javax/security/enterprise/authentication/mechanism/http/RememberMe.html#cookieMaxAgeSecondsExpression--">cookieMaxAgeSecondsExpression</a></span></code> |
| <div class="block">EL expression variant of <code>cookieMaxAgeSeconds()</code>.</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../javax/security/enterprise/authentication/mechanism/http/RememberMe.html#cookieName--">cookieName</a></span></code> |
| <div class="block">Name of the remember me cookie.</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code>boolean</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../javax/security/enterprise/authentication/mechanism/http/RememberMe.html#cookieSecureOnly--">cookieSecureOnly</a></span></code> |
| <div class="block">Flag to indicate that the remember me cookie should only be |
| sent using a secure protocol (e.g.</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../javax/security/enterprise/authentication/mechanism/http/RememberMe.html#cookieSecureOnlyExpression--">cookieSecureOnlyExpression</a></span></code> |
| <div class="block">EL expression variant of <code>cookieSecureOnly()</code>.</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code>boolean</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../javax/security/enterprise/authentication/mechanism/http/RememberMe.html#isRememberMe--">isRememberMe</a></span></code> |
| <div class="block">Flag to determine if remember me should be used.</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../javax/security/enterprise/authentication/mechanism/http/RememberMe.html#isRememberMeExpression--">isRememberMeExpression</a></span></code> |
| <div class="block">EL expression to determine if remember me should be used.</div> |
| </td> |
| </tr> |
| </table> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| <div class="details"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- ============ ANNOTATION TYPE MEMBER DETAIL =========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="annotation.type.element.detail"> |
| <!-- --> |
| </a> |
| <h3>Element Detail</h3> |
| <a name="cookieMaxAgeSeconds--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>cookieMaxAgeSeconds</h4> |
| <pre>public abstract int cookieMaxAgeSeconds</pre> |
| <div class="block">Max age in seconds for the remember me cookie. |
| Defaults to one day.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>Max age in seconds</dd> |
| <dt><span class="seeLabel">See Also:</span></dt> |
| <dd><a href="../../../../../../javax/servlet/http/Cookie.html#setMaxAge-int-"><code>Cookie.setMaxAge(int)</code></a></dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>86400</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="cookieMaxAgeSecondsExpression--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>cookieMaxAgeSecondsExpression</h4> |
| <pre>public abstract java.lang.String cookieMaxAgeSecondsExpression</pre> |
| <div class="block">EL expression variant of <code>cookieMaxAgeSeconds()</code>. |
| The expression needs to evaluate to an integer outcome. All named CDI beans are available to the expression |
| as well as default classes as specified by EL 3.0 for the <code>ELProcessor</code> |
| and the implicit objects "self" which refers to the interceptor target and |
| "httpMessageContext" which refers to the current <a href="../../../../../../javax/security/enterprise/authentication/mechanism/http/HttpMessageContext.html" title="interface in javax.security.enterprise.authentication.mechanism.http"><code>HttpMessageContext</code></a>. |
| If both this attribute and <code>cookieMaxAgeSeconds()</code> are specified, this |
| attribute takes precedence.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>an expression evaluating to an integer designating the max age in seconds for the remember me cookie.</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>""</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="cookieSecureOnly--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>cookieSecureOnly</h4> |
| <pre>public abstract boolean cookieSecureOnly</pre> |
| <div class="block">Flag to indicate that the remember me cookie should only be |
| sent using a secure protocol (e.g. HTTPS or SSL).</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>true if the cookie should be sent using a secure protocol only |
| false for any protocol.</dd> |
| <dt><span class="seeLabel">See Also:</span></dt> |
| <dd><a href="../../../../../../javax/servlet/http/Cookie.html#setSecure-boolean-"><code>Cookie.setSecure(boolean)</code></a></dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>true</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="cookieSecureOnlyExpression--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>cookieSecureOnlyExpression</h4> |
| <pre>public abstract java.lang.String cookieSecureOnlyExpression</pre> |
| <div class="block">EL expression variant of <code>cookieSecureOnly()</code>. |
| The expression needs to evaluate to a boolean outcome. All named CDI beans are available to the expression |
| as well as default classes as specified by EL 3.0 for the <code>ELProcessor</code> |
| and the implicit objects "self" which refers to the interceptor target and |
| "httpMessageContext" which refers to the current <a href="../../../../../../javax/security/enterprise/authentication/mechanism/http/HttpMessageContext.html" title="interface in javax.security.enterprise.authentication.mechanism.http"><code>HttpMessageContext</code></a>. |
| If both this attribute and <code>cookieSecureOnly()</code> are specified, this |
| attribute takes precedence.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>an expression evaluating to an integer designating the max age in seconds for the remember me cookie.</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>""</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="cookieHttpOnly--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>cookieHttpOnly</h4> |
| <pre>public abstract boolean cookieHttpOnly</pre> |
| <div class="block">Flag to indicate that the remember me cookie should not be exposed to |
| client-side scripting code, and should only be sent with HTTP requests.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>true if the cookie should be sent only with HTTP requests |
| (and not be made available to client-side scripting code), false otherwise.</dd> |
| <dt><span class="seeLabel">See Also:</span></dt> |
| <dd><a href="../../../../../../javax/servlet/http/Cookie.html#setHttpOnly-boolean-"><code>Cookie.setHttpOnly(boolean)</code></a></dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>true</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="cookieHttpOnlyExpression--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>cookieHttpOnlyExpression</h4> |
| <pre>public abstract java.lang.String cookieHttpOnlyExpression</pre> |
| <div class="block">EL expression variant of <code>cookieHttpOnly()</code>. |
| The expression needs to evaluate to a boolean outcome. All named CDI beans are available to the expression |
| as well as default classes as specified by EL 3.0 for the <code>ELProcessor</code> |
| and the implicit objects "self" which refers to the interceptor target and |
| "httpMessageContext" which refers to the current <a href="../../../../../../javax/security/enterprise/authentication/mechanism/http/HttpMessageContext.html" title="interface in javax.security.enterprise.authentication.mechanism.http"><code>HttpMessageContext</code></a>. |
| If both this attribute and <code>cookieHttpOnly()</code> are specified, this |
| attribute takes precedence.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>an expression evaluating to true if the cookie should be sent only with HTTP requests , false otherwise.</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>""</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="cookieName--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>cookieName</h4> |
| <pre>public abstract java.lang.String cookieName</pre> |
| <div class="block">Name of the remember me cookie.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>The name of the cookie</dd> |
| <dt><span class="seeLabel">See Also:</span></dt> |
| <dd><a href="../../../../../../javax/servlet/http/Cookie.html#getName--"><code>Cookie.getName()</code></a></dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>"JREMEMBERMEID"</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="isRememberMe--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>isRememberMe</h4> |
| <pre>public abstract boolean isRememberMe</pre> |
| <div class="block">Flag to determine if remember me should be used.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>Flag to determine if remember me should be used</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>true</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a name="isRememberMeExpression--"> |
| <!-- --> |
| </a> |
| <ul class="blockListLast"> |
| <li class="blockList"> |
| <h4>isRememberMeExpression</h4> |
| <pre>public abstract java.lang.String isRememberMeExpression</pre> |
| <div class="block">EL expression to determine if remember me should be used. This is evaluated |
| for every request requiring authentication. The expression needs to evaluate |
| to a boolean outcome. All named CDI beans are available to the expression |
| as well as default classes as specified by EL 3.0 for the <code>ELProcessor</code> |
| and the implicit objects "self" which refers to the interceptor target and |
| "httpMessageContext" which refers to the current <a href="../../../../../../javax/security/enterprise/authentication/mechanism/http/HttpMessageContext.html" title="interface in javax.security.enterprise.authentication.mechanism.http"><code>HttpMessageContext</code></a>.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>EL expression to determine if remember me should be used</dd> |
| </dl> |
| <dl> |
| <dt>Default:</dt> |
| <dd>""</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <!-- ========= END OF CLASS DATA ========= --> |
| <!-- ======= START OF BOTTOM NAVBAR ====== --> |
| <div class="bottomNav"><a name="navbar.bottom"> |
| <!-- --> |
| </a> |
| <div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div> |
| <a name="navbar.bottom.firstrow"> |
| <!-- --> |
| </a> |
| <ul class="navList" title="Navigation"> |
| <li><a href="../../../../../../overview-summary.html">Overview</a></li> |
| <li><a href="package-summary.html">Package</a></li> |
| <li class="navBarCell1Rev">Class</li> |
| <li><a href="package-tree.html">Tree</a></li> |
| <li><a href="../../../../../../deprecated-list.html">Deprecated</a></li> |
| <li><a href="../../../../../../index-all.html">Index</a></li> |
| <li><a href="../../../../../../help-doc.html">Help</a></li> |
| </ul> |
| </div> |
| <div class="subNav"> |
| <ul class="navList"> |
| <li><a href="../../../../../../javax/security/enterprise/authentication/mechanism/http/LoginToContinue.html" title="annotation in javax.security.enterprise.authentication.mechanism.http"><span class="typeNameLink">Prev Class</span></a></li> |
| <li>Next Class</li> |
| </ul> |
| <ul class="navList"> |
| <li><a href="../../../../../../index.html?javax/security/enterprise/authentication/mechanism/http/RememberMe.html" target="_top">Frames</a></li> |
| <li><a href="RememberMe.html" target="_top">No Frames</a></li> |
| </ul> |
| <ul class="navList" id="allclasses_navbar_bottom"> |
| <li><a href="../../../../../../allclasses-noframe.html">All Classes</a></li> |
| </ul> |
| <div> |
| <script type="text/javascript"><!-- |
| allClassesLink = document.getElementById("allclasses_navbar_bottom"); |
| if(window==top) { |
| allClassesLink.style.display = "block"; |
| } |
| else { |
| allClassesLink.style.display = "none"; |
| } |
| //--> |
| </script> |
| </div> |
| <div> |
| <ul class="subNavList"> |
| <li>Summary: </li> |
| <li>Field | </li> |
| <li>Required | </li> |
| <li><a href="#annotation.type.optional.element.summary">Optional</a></li> |
| </ul> |
| <ul class="subNavList"> |
| <li>Detail: </li> |
| <li>Field | </li> |
| <li><a href="#annotation.type.element.detail">Element</a></li> |
| </ul> |
| </div> |
| <a name="skip.navbar.bottom"> |
| <!-- --> |
| </a></div> |
| <!-- ======== END OF BOTTOM NAVBAR ======= --> |
| </body> |
| </html> |