Since your question is specific to the handling of checkbox value (remember me flag) coming from login page, the answer is that you have to call loginSuccess
or loginFail
method of RememberMeServices. The loginSuccess
adds auto-login cookie in the response and loginFail
removes that cookie.
But I guess above answer won't help you much unless you are sure that you have RememberMeServices
configured in your app. Maybe following steps that configure RememberMeServices
will help you do whole thing your way (or help you understand the out of the box functionality):
(1) Create a class (call it myRememberMeServices) that implements RememberMeServices
and LogoutHandler.
(2) In autoLogin
method, create an authentication object (UsernamePasswordAuthenticationToken) after parsing the cookie value.
(3) In loginFail
method, cancel the cookie.
(4) In loginSuccess
method, create an auto-login cookie. Add value that you would use in autoLogin method. Usually cookie value is encrypted.
(5) In logout
method , cancel the cookie.
(6) Inject myRememberMeServices in following four places and call appropriate method:
(a) At the time of successful login (if checkbox value is set),
(b) At the time of failed login,
(c) On logout, and
(d) In filter that does autologin
It is worth noting that RememberMeAuthenticationFilter takes authenticationManager
and RememberMeServices
in its constructor.
Answer to your other question is that the authenticationManager
doesn't need to know anything about remember me. It is the filter (or any class handling auto login) that needs to know about authenticationManager
and RememberMeServices
. (In other words, ask RememberMeServices
for a token and pass it to authenticationManager
to do auto login).