How to configure Persistent Token Remember-Me authentication

Remember-me authentication is a solution for websites to remember the identity of a user between sessions. In the tutorial, JavaSampleApppoach will show you how to configure persistent token remember-me authentication with Spring Boot.

Related Articles:
How to configure Remember Me authentication by Hash-Based Token Approach
Spring Security – Config Security for Web MVC by Spring Boot


I. Technologies

– Java 1.8
– Maven 3.3.9
– Spring Tool Suite – Version 3.8.1.RELEASE
– Spring Boot: 1.5.1.RELEASE
– MySQL database

II. Practices – Persistent Token Remember-Me authentication

Step to do
– Create SpringBoot project
– Create Controller & Views
– Setup MySql database configuration

– Configure remember-me security

– Run & Check results

1. Create SpringBoot project

Open Spring Tool Suite, on main menu, choose File->New->Spring Starter Project, add project info, then press Next for needed dependencies:
– For Security, choose Core->Security
– For JDBC & MySQL, choose SQL->JDBC & MySQL
– For Template Engines, choose Thymeleaf
– For Web MVC, choose Web->Web

springboot remember me Persistent approach

Open pom.xml, check dependencies:

2. Create Controller & Views

– Create a simple controller WebController:

– Create 2 views:

home.html

login.html with Remember me checkbox:

3. Setup MySql database configurations

Open application.properties file, configure datasource:

On MySQL database: testbdb, create persistent_logins table by below script:

4. Configure remember-me security

Configure datasource for remember-me.

Full Sourcecode

5. Run & Check results

Build & Run the project with SpringBoot App mode.

5.1 Check with normal cookie

– Make the firstly request: http://localhost:8080 -> login page will be redicted immediately, use account: user/user for authentication, But NOT check Remember me.
=> Result: Login successfully, having 1 cookie: JSESSIONID. No record in persistent_logins table

springboot remember me Persistent approach - jsessionid

– Delete JSESSIONID and make above request again: http://localhost:8080 => login page will be re-direct immediately for authentication again.

5.2 Check with Remember-me cookie

– Login with account: user/user, But check Remember me
>>> Authentication successfully. Having 2 cookies: JSESSIOINID & javasampleapproach-remember-me:

Spring boot Persistent Token Remember-Me authentication

javasampleapproach-remember-me cookie has 1 day for expired time.

>>> And 1 record in persistent_logins table:

springboot Persistent token remember-me approach - record in persistent_logins

– Remove JSESSIONID cookie, then make the request: http://localhost:8080
-> NOT redirect to login page (because having javasampleapproach-remember-me cookie)

– Remove JSESSIONID & javasampleapproach-remember-me cookie, then make the request: http://localhost:8080, login page will be redirect >>> Right!

It works fine!

III. SourceCode

SpringLoginRememberMe

By JavaSampleApproach | April 17, 2017.

Last updated on August 8, 2017.


Related Posts


Got Something To Say:

Your email address will not be published. Required fields are marked *

*