Peter,

Remember Me is extremely easy to set up and use with JSecurity.
Just set the rememberMe property true in UsernamePasswordToken when authenticating. Or if you are using a custom token, make sure it implements RememberMeAuthenticationToken and returns true for isRememberMe().
The effect will be that when the user revisits your site, getPrincipals() will return their principals, but isAuthenticated() will return false (since they haven't actually authenticated this session).
The <jsec:user/> tag (not <jsec:remembered/> which was renamed) will only render if principals are not-null, such as when the user is remembered.
For web URL rules, the "user" rule allows access if the user is known (principals aren't null), whereas "authc" requires them to have actually authenticated this session.
Does that make sense? If not, please ask more questions!

Jeremy

On Jul 18, 2008, at 12:26 PM, Peter Ledbrook wrote:
Hi,

I've just been asked this on the Grails mailing list:

I am using the jsec plugin, but I don't want my users to have to authenticate every time - I want if they check the remember me checkbox to "auto-login" the user next time they come to the site for say 2 weeks (which is a common way sites around the web do signing in) - how can I do that with jsecurity?

What's the preferred way of doing this? Is it possible?

Thanks,

Peter
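Added example, not part of the original thread and not JSecurity's own code: a sketch of the login call and the remembered-versus-authenticated distinction described in the reply, using the JSecurity classes it names. The class, enum and method names are hypothetical, and it assumes a JSecurity SecurityManager is already configured for the application.

```java
import org.jsecurity.SecurityUtils;
import org.jsecurity.authc.AuthenticationException;
import org.jsecurity.authc.UsernamePasswordToken;
import org.jsecurity.subject.Subject;

// Hypothetical helper class; assumes JSecurity is on the classpath
// and a SecurityManager has been configured elsewhere.
public class RememberMeExample {

    // The three states the reply distinguishes.
    public enum Access { ANONYMOUS, REMEMBERED, AUTHENTICATED }

    // rememberMe is the value of the form's "remember me" checkbox.
    public static boolean login(String username, String password, boolean rememberMe) {
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        token.setRememberMe(rememberMe);
        try {
            SecurityUtils.getSubject().login(token);
            return true;
        } catch (AuthenticationException e) {
            return false; // bad credentials, locked account, etc.
        }
    }

    // On a return visit a remembered user has principals but is NOT authenticated.
    public static Access currentAccess() {
        Subject subject = SecurityUtils.getSubject();
        if (subject.isAuthenticated()) {
            return Access.AUTHENTICATED;
        }
        if (subject.getPrincipals() != null) {
            return Access.REMEMBERED;
        }
        return Access.ANONYMOUS;
    }

    // Same condition as the "user" URL rule: identity known, possibly only remembered.
    public static boolean allowPersonalisedPage() {
        return currentAccess() != Access.ANONYMOUS;
    }

    // Same condition as the "authc" URL rule: credentials supplied this session.
    // Assumption: pages such as password change or payment belong behind this check.
    public static boolean allowSensitiveAction() {
        return currentAccess() == Access.AUTHENTICATED;
    }
}
```

When allowSensitiveAction() returns false for a remembered user, the application would send them to the login form rather than proceeding on the remembered identity alone.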
