BestHub
Sign in
Backend Development 5 min read

Implement Spring Boot Remember-Me: Token Persistence and Auto-Login Guide

This article explains how to configure Spring Boot 2.2.11's remember‑me feature using a persistent token repository, customize HttpSecurity, create the required database schema, and understand the underlying authentication flow through detailed code snippets and step‑by‑step analysis.

Spring Full-Stack Practical Cases
Spring Full-Stack Practical Cases
Spring Full-Stack Practical Cases
Implement Spring Boot Remember-Me: Token Persistence and Auto-Login Guide

Environment: Spring Boot 2.2.11.RELEASE.

Related Configuration

Security configuration

<code>@Resource
private DataSource dataSource;

// Persistent token repository configuration
@Bean
public PersistentTokenRepository persistentTokenRepository() {
    JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
    tokenRepository.setDataSource(dataSource);
    return tokenRepository;
}</code>

SQL script

Execute the CREATE_TABLE_SQL statement from

JdbcTokenRepositoryImpl

to create the required table.

HttpSecurity configuration

<code>http.rememberMe()
    .tokenRepository(persistentTokenRepository())
    .userDetailsService(userDetailsService()) // UserDetailsService for retrieving user info
    .tokenValiditySeconds(1800); // token validity period</code>

Login page

<code>&lt;div class="c-row" style="height: auto;"&gt;
  &lt;input type="checkbox" class="checkbox-control" id="remember-me" name="remember-me"/&gt;
  &lt;label for="remember-me"&gt;Remember Me&lt;/label&gt;
&lt;/div&gt;</code>

The checkbox name must be remember-me for the remember‑me feature to work; within the token validity period the user will not need to log in again.

Testing

After logging in, close and reopen the browser; the user remains logged in and the token table is updated.

Source Code Analysis

1.1 The request first passes through

UsernamePasswordAuthenticationFilter

, invoking

AbstractAuthenticationProcessingFilter.doFilter

.

1.2

successfulAuthentication

is called.

<code>successfulAuthentication(request, response, chain, authResult);</code>

1.3

loginSuccess

in

AbstractRememberMeServices

is executed.

1.4 The subclass

PersistentTokenBasedRememberMeServices.onLoginSuccess

runs, using the previously configured

tokenRepository

.

When the browser is reopened, the remember‑me flow proceeds as follows:

1.1

RememberMeAuthenticationFilter.doFilter

is invoked (only active if remember‑me is enabled).

1.2

AbstractRememberMeServices.autoLogin

attempts to retrieve the authentication from the security context; if absent, it triggers auto‑login.

1.3

extractRememberMeCookie

extracts the remember-me cookie.

1.4

processAutoLoginCookie

validates the token against the database, retrieves the username, checks expiration, and refreshes the token's validity.

1.5 The username is used to load user details via

UserDetailsService

:

<code>return getUserDetailsService().loadUserByUsername(token.getUsername());</code>

1.6 Finally, the user information is stored in the Security context, completing the auto‑login process.

End of tutorial.

Spring BootsecurityAuto LoginRemember MeToken Persistence
Spring Full-Stack Practical Cases
Written by

Spring Full-Stack Practical Cases

Full-stack Java development with Vue 2/3 front-end suite; hands-on examples and source code analysis for Spring, Spring Boot 2/3, and Spring Cloud.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment