Using java spring AbstractPreAuthenticatedProcessingFilter for "keep me signed in"

Question

For implementing the "Keep me signed in" option on my application which uses Spring 2.5 I am trying to implement it through creating a CustomPreAuthenticatedProcessingFilter which extends AbstractPreAuthenticatedProcessingFilter. However, I am unable to do so may be I am missing out on few things. Below is what I have done so far:

1. Created CustomPreAuthenticaionProcessingFilter:

   import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest;

   import org.springframework.security.ui.preauth.AbstractPreAuthenticatedProcessingFilter;
   
   import com.domain.User;
   import com.service.UserService;
   
   public class CustomPreAuthenticaionProcessingFilter extends
       AbstractPreAuthenticatedProcessingFilter {
   
   private UserService userService;
   
   @Override
   public int getOrder() {
       // TODO Auto-generated method stub
       return 0;
   }
   
   @Override
   protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
       Cookie[] cookies = request.getCookies();
       String[] cookieValues = null;
       for (Cookie cookie : cookies) {
           if(cookie.getName().equalsIgnoreCase("loggedInCookie")){
               cookieValues = cookie.getValue().split(":"); 
           }
       }
       if(cookieValues!=null && cookieValues.length==3){
           try {
               User user = userService.getLoggedInUser(cookieValues[0], cookieValues[1], cookieValues[2]);
               if(user!=null)
                   return user;
           } catch (Exception e) {
               System.out.println("not authenticated");
           }
       }
       return "";
   }
   
   @Override
   protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
       return "";
   }
   
     /**
    * @param authenticationManager
    *            The AuthenticationManager to use
    */
   public void setUserService(UserService userService) {
       this.userService = userService;
   }
   
   
   }
   

2. Created Interceptor which checks if the cookie is present if not creates one.

The problem that I am facing here is that the filter is getting called many times not sure why, and also even though the object is retrieved through the filter it is not redirecting directly into the application bypassing the login page.

If anyone has implemented something on same lines it would be really helpful.

Thanks, -V

Answer 1

Did you go through this http://docs.spring.io/autorepo/docs/spring-security/3.0.x/reference/remember-me.html.

If you are able to follow the approach It shouldn't be difficult to implement with later version of spring too.