How to implement remember-me functionality or similar (almos

Posted by Toni Perätalo on 11-Feb-2020 14:31

Hi everyone,

Has anyone implemented “remember-me” functionality in their OpenEdge application using PAS? We would like to implement remember-me functionality or similar solution that allows especially our mobile users to be logged in like “forever”.

Some background information: We are using OpenEdge 12.1 (but should work also in 11.7) and PAS. We are using web transport so webhandlers are in use. Fontend that is written using JS, Native Script and Angular 8, communicates with backend using JSDO (and REST later). PAS is set for formLoginModel authentication currently. The goal is that especially mobile users would not need to re-login daily. Of course, it would be also great for desktop/browser users to use this remember-me functionality. Also being able to set the duration of time between re-logins would be nice.

Well, I have found that Spring Security supports remember-me functionality. There are (at least) two ways, Simple hash-based token and persistent token. https://docs.spring.io/spring-security/site/docs/3.0.x/reference/remember-me.html

 I tried to configure webapps/ROOT/WEB-INF/spring/formLoginModel.xml as in some examples:

<http pattern="/web/**"
...
<remember-me key="DiipaDaa"
     user-service-ref="OERealmUserDetails"
     remember-me-parameter="remember-me-param"
     remember-me-cookie="my-remember-me"
     token-validity-seconds="86400"/>

And then wrote a simple html login form 

<form action="localhost:8820/.../j_spring_security_check" method="POST">
           <input type='text' id="username" name="j_username" /><br>
           <input type='password' id="password" name="j_password"/><br>
           <label for="remember-me">Remember Me</label>
           <input type="checkbox" id="remember-me" name="remember-me-param"/><br>
           <input name="submit" type="submit" value="Login" />
       </form>


where I submit that remember-me-parameter. Login succeeds but remember-me cookie is not created and it won't remember user… To be honest I have no idea if the OERealmUserDetails is correct value for user-service-ref parameter. PAS won’t start at all without user-service-ref. 

So, does anyone have any idea how to implement this and how to proceed? How to configure PAS, what to do on frontend, does JSDO login support this etc? Or, are there any better solutions?

Regards,

Toni

All Replies

This thread is closed