Implement Spring Boot Remember-Me: Token Persistence and Auto-Login Guide

This article explains how to configure Spring Boot 2.2.11's remember‑me feature using a persistent token repository, customize HttpSecurity, create the required database schema, and understand the underlying authentication flow through detailed code snippets and step‑by‑step analysis.

Spring Full-Stack Practical Cases

Environment: Spring Boot 2.2.11.RELEASE.

Related Configuration

Security configuration

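import javax.annotation.Resource;
import javax.sql.DataSource;
import org.springframework.context.annotation.Bean;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

// The members below belong inside the security configuration class.
@Resource
private DataSource dataSource;

// Persistent token repository configuration: tokens are stored via JDBC
@Bean
public PersistentTokenRepository persistentTokenRepository() {
    JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
    tokenRepository.setDataSource(dataSource);
    return tokenRepository;
}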

SQL script

Execute the CREATE_TABLE_SQL statement from JdbcTokenRepositoryImpl to create the required table.

HttpSecurity configuration

http.rememberMe()
    .tokenRepository(persistentTokenRepository())
    .userDetailsService(userDetailsService()) // UserDetailsService for retrieving user info
    .tokenValiditySeconds(1800); // token validity period

Login page

<div class="c-row" style="height: auto;">
  <input type="checkbox" class="checkbox-control" id="remember-me" name="remember-me"/>
  <label for="remember-me">Remember Me</label>
</div>

The checkbox name must be remember-me for the remember‑me feature to work; within the token validity period the user will not need to log in again.

Testing

After logging in, close and reopen the browser; the user remains logged in and the token table is updated.

Source Code Analysis

1.1 The request first passes through UsernamePasswordAuthenticationFilter, invoking AbstractAuthenticationProcessingFilter.doFilter.

1.2 successfulAuthentication is called.

successfulAuthentication(request, response, chain, authResult);

1.3 loginSuccess in AbstractRememberMeServices is executed.

1.4 The subclass PersistentTokenBasedRememberMeServices.onLoginSuccess runs, using the previously configured tokenRepository.

When the browser is reopened, the remember‑me flow proceeds as follows:

2.1 RememberMeAuthenticationFilter.doFilter is invoked (only active if remember‑me is enabled).

2.2 AbstractRememberMeServices.autoLogin attempts to retrieve the authentication from the security context; if absent, it triggers auto‑login.

2.3 extractRememberMeCookie extracts the remember-me cookie.

2.4 processAutoLoginCookie validates the token against the database, retrieves the username, checks expiration, and refreshes the token's validity.

2.5 The username is used to load user details via UserDetailsService:

return getUserDetailsService().loadUserByUsername(token.getUsername());

2.6 Finally, the user information is stored in the Security context, completing the auto‑login process.
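The check that processAutoLoginCookie performs, as an added example that is not part of the original article and not Spring's source: a simplified in-memory model of the series/token lookup, expiry check and token rotation. It goes slightly beyond the text by also showing the mismatch case, where Spring removes the user's tokens and throws CookieTheftException. RememberMeModel, Row, the map standing in for the token table and the JDK exceptions are hypothetical stand-ins; the user name is constructed.

```java
import java.security.SecureRandom;
import java.util.*;

// Simplified model (not Spring's source) of the persistent remember-me token check.
public class RememberMeModel {
    static final class Row { // stand-in for one row of the token table
        final String username; String token; long lastUsed;
        Row(String u, String t, long l) { username = u; token = t; lastUsed = l; }
    }
    static final long VALIDITY_MS = 1800 * 1000L; // mirrors tokenValiditySeconds(1800)
    static final Map<String, Row> table = new HashMap<>(); // series -> row
    static final SecureRandom rnd = new SecureRandom();

    static String random() {
        byte[] b = new byte[16];
        rnd.nextBytes(b);
        return Base64.getEncoder().encodeToString(b);
    }
    // Login success: store a new series/token pair and return the cookie parts.
    static String[] onLoginSuccess(String user, long now) {
        String series = random(), token = random();
        table.put(series, new Row(user, token, now));
        return new String[] { series, token };
    }
    // Auto-login: returns the username and rotates the token, or throws.
    static String autoLogin(String[] cookie, long now) {
        Row row = table.get(cookie[0]);
        if (row == null) throw new IllegalStateException("unknown series");
        if (!row.token.equals(cookie[1])) {
            // Known series with a stale token: the cookie exists in two places.
            // Drop every token of that user so neither copy works any more.
            table.values().removeIf(r -> r.username.equals(row.username));
            throw new SecurityException("possible cookie theft");
        }
        if (row.lastUsed + VALIDITY_MS < now) throw new IllegalStateException("expired");
        row.token = random();  // rotate: the previous cookie value is now invalid
        row.lastUsed = now;    // refresh the validity window
        cookie[1] = row.token; // value that would go back to the browser in Set-Cookie
        return row.username;
    }

    public static void main(String[] args) {
        String[] browser = onLoginSuccess("alice", 0); // constructed sample user
        String[] copied = browser.clone();             // second holder of the same cookie
        System.out.println("auto-login as " + autoLogin(browser, 60_000));
        try { autoLogin(copied, 120_000); }            // replays the pre-rotation token
        catch (SecurityException e) { System.out.println(e.getMessage()); }
        System.out.println("tokens left: " + table.size());
    }
}
```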

End of tutorial.

Written by

Spring Full-Stack Practical Cases