RememberMe (Java(TM) EE 8 Specification APIs)

```
@Inherited
 @InterceptorBinding
 @Retention(value=RUNTIME)
 @Target(value=TYPE)
public @interface RememberMe
```
The RememberMe annotation provides an application the ability to declaratively designate that an authentication mechanism effectively "remembers" the authentication and auto applies this with every request.
For the remember me function the credentials provided by the caller are exchanged for a (long-lived) token which is send to the user as the value of a cookie, in a similar way to how the HTTP session ID is send. It should be realized that this token effectively becomes the credential to establish the caller's identity within the application and care should be taken to handle and store the token securely. E.g. by using this feature with a secure transport (SSL/HTTPS), storing a strong hash instead of the actual token, and implementing an expiration policy.
The token is vended by a special purpose IdentityStore-like artifact; an implementation of the RememberMeIdentityStore.
This support is provided via an implementation of an interceptor spec interceptor that conducts the necessary logic.
Example:
```
 
      @RequestScoped
      @RememberMe
     public class CustomAuthenticationMechanism implements HttpAuthenticationMechanism {
         // ...
     }
 
 
```
EL expressions in attributes of type String are evaluated for every request requiring authentication. Both immediate and deferred syntax is supported, but effectively the semantics are always deferred.
Note: this facility DOES NOT constitute any kind of "session management" system, but instead represents a special purpose authentication mechanism using a long-lived token, that is vended and validated by the RememberMeIdentityStore.

Optional Element Summary

Optional Elements
Modifier and Type	Optional Element and Description
`boolean`	`cookieHttpOnly` Flag to indicate that the remember me cookie should not be exposed to client-side scripting code, and should only be sent with HTTP requests.
`String`	`cookieHttpOnlyExpression` EL expression variant of `cookieHttpOnly()`.
`int`	`cookieMaxAgeSeconds` Max age in seconds for the remember me cookie.
`String`	`cookieMaxAgeSecondsExpression` EL expression variant of `cookieMaxAgeSeconds()`.
`String`	`cookieName` Name of the remember me cookie.
`boolean`	`cookieSecureOnly` Flag to indicate that the remember me cookie should only be sent using a secure protocol (e.g.
`String`	`cookieSecureOnlyExpression` EL expression variant of `cookieSecureOnly()`.
`boolean`	`isRememberMe` Flag to determine if remember me should be used.
`String`	`isRememberMeExpression` EL expression to determine if remember me should be used.

- Element Detail
  - cookieMaxAgeSeconds
```
public abstract int cookieMaxAgeSeconds
```
    Max age in seconds for the remember me cookie. Defaults to one day.
    
    Returns:
    
    Max age in seconds
    
    See Also:
    
    Cookie.setMaxAge(int)
    
    Default:
    
    86400
- - cookieMaxAgeSecondsExpression
```
public abstract String cookieMaxAgeSecondsExpression
```
    EL expression variant of cookieMaxAgeSeconds(). The expression needs to evaluate to an integer outcome. All named CDI beans are available to the expression as well as default classes as specified by EL 3.0 for the ELProcessor and the implicit objects "self" which refers to the interceptor target and "httpMessageContext" which refers to the current HttpMessageContext. If both this attribute and cookieMaxAgeSeconds() are specified, this attribute takes precedence.
    
    Returns:
    
    an expression evaluating to an integer designating the max age in seconds for the remember me cookie.
    
    Default:
    
    ""
- - cookieSecureOnly
```
public abstract boolean cookieSecureOnly
```
    Flag to indicate that the remember me cookie should only be sent using a secure protocol (e.g. HTTPS or SSL).
    
    Returns:
    
    true if the cookie should be sent using a secure protocol only false for any protocol.
    
    See Also:
    
    Cookie.setSecure(boolean)
    
    Default:
    
    true
- - cookieSecureOnlyExpression
```
public abstract String cookieSecureOnlyExpression
```
    EL expression variant of cookieSecureOnly(). The expression needs to evaluate to a boolean outcome. All named CDI beans are available to the expression as well as default classes as specified by EL 3.0 for the ELProcessor and the implicit objects "self" which refers to the interceptor target and "httpMessageContext" which refers to the current HttpMessageContext. If both this attribute and cookieSecureOnly() are specified, this attribute takes precedence.
    
    Returns:
    
    an expression evaluating to an integer designating the max age in seconds for the remember me cookie.
    
    Default:
    
    ""
- - cookieHttpOnly
```
public abstract boolean cookieHttpOnly
```
    Flag to indicate that the remember me cookie should not be exposed to client-side scripting code, and should only be sent with HTTP requests.
    
    Returns:
    
    true if the cookie should be sent only with HTTP requests (and not be made available to client-side scripting code), false otherwise.
    
    See Also:
    
    Cookie.setHttpOnly(boolean)
    
    Default:
    
    true
- - cookieHttpOnlyExpression
```
public abstract String cookieHttpOnlyExpression
```
    EL expression variant of cookieHttpOnly(). The expression needs to evaluate to a boolean outcome. All named CDI beans are available to the expression as well as default classes as specified by EL 3.0 for the ELProcessor and the implicit objects "self" which refers to the interceptor target and "httpMessageContext" which refers to the current HttpMessageContext. If both this attribute and cookieHttpOnly() are specified, this attribute takes precedence.
    
    Returns:
    
    an expression evaluating to true if the cookie should be sent only with HTTP requests , false otherwise.
    
    Default:
    
    ""
- - cookieName
```
public abstract String cookieName
```
    Name of the remember me cookie.
    
    Returns:
    
    The name of the cookie
    
    See Also:
    
    Cookie.getName()
    
    Default:
    
    "JREMEMBERMEID"
- - isRememberMe
```
public abstract boolean isRememberMe
```
    Flag to determine if remember me should be used.
    
    Returns:
    
    Flag to determine if remember me should be used
    
    Default:
    
    true
- - isRememberMeExpression
```
public abstract String isRememberMeExpression
```
    EL expression to determine if remember me should be used. This is evaluated for every request requiring authentication. The expression needs to evaluate to a boolean outcome. All named CDI beans are available to the expression as well as default classes as specified by EL 3.0 for the ELProcessor and the implicit objects "self" which refers to the interceptor target and "httpMessageContext" which refers to the current HttpMessageContext.
    
    Returns:
    
    EL expression to determine if remember me should be used
    
    Default:
    
    ""

Annotation Type RememberMe

Optional Element Summary

Element Detail

cookieMaxAgeSeconds

cookieMaxAgeSecondsExpression

cookieSecureOnly

cookieSecureOnlyExpression

cookieHttpOnly

cookieHttpOnlyExpression

cookieName

isRememberMe

isRememberMeExpression