Using Remember Me in Shiro

In this post I'll cover how to use the Remember Me feature in Apache Shiro. Notice the emphasis is on using Remember Me, or retrieving the remembered credentials of the user on the initial page load of future visits. In other words, if I go to I want to see my name in the top right-hand menubar without logging in.

Enabling Remember Me

Here are the main points in enabling Remember Me in Shiro. First (and this is more of a sidebar), we want to pass a Boolean from our login form, so be sure to add the hidden "rememberMe" field in the HTML. Otherwise, a rememberMe @FormParam will not be passed when the checkbox is cleared, and we'll have to test for a null.

Now we can pass the true/false rememberMe value to the UsernamePasswordToken and Shiro will take care of the rest. We can supply it when creating the UsernamePasswordToken instance or call setRememberMe() explicitly, as shown below.

Using Remember Me

Now we get to the using part of the post where we obtain the Remember Me Shiro Subject credentials on the initial page load of future visits.

I like the Base PageInfo logic described in this NixMash post. We each have our own page loading approaches, but regardless we will add the retrieval of the Remember Me Subject. The key for us is Shiro's SecurityUtils.getSubject().getPrincipals() call. Notice we do NOT have a Shiro Subject Session on the initial page load of a future visit, but we DO have a Shiro Subject in our Remember Me Cookie. With this Subject we can create our CurrentUser object, save it to Session and put it into our Mustache Model (or whatever Page Templating Model we're using at the time).
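
The login step from "Enabling Remember Me" and the page-load step above, as an added Java example that is not code from the original post. It assumes shiro-core is on the classpath and a SecurityManager is already configured; the `CurrentUser` class, the `currentUser` session key and the method names are hypothetical.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

public class RememberMeExample {

    // Hypothetical stand-in for the post's CurrentUser object.
    public static class CurrentUser {
        public final String username;
        public final boolean authenticated; // false when identity came only from the cookie
        CurrentUser(String username, boolean authenticated) {
            this.username = username;
            this.authenticated = authenticated;
        }
    }

    static final String SESSION_KEY = "currentUser"; // assumed attribute name

    // Login: rememberMe is the Boolean posted by the login form.
    public static boolean login(String username, String password, boolean rememberMe) {
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        token.setRememberMe(rememberMe); // same effect as the three-argument constructor
        try {
            SecurityUtils.getSubject().login(token);
            return true;
        } catch (AuthenticationException e) {
            return false;
        } finally {
            token.clear(); // wipe the password held by the token
        }
    }

    // Initial page load: returns null for an anonymous visitor.
    public static CurrentUser resolveCurrentUser() {
        Subject subject = SecurityUtils.getSubject();
        PrincipalCollection principals = subject.getPrincipals();
        if (principals == null || principals.isEmpty()) {
            return null; // no session identity and no Remember Me cookie
        }
        // Assumes the realm stores the username as the primary principal.
        String username = String.valueOf(principals.getPrimaryPrincipal());
        CurrentUser user = new CurrentUser(username, subject.isAuthenticated());
        Session session = subject.getSession(); // created on demand
        session.setAttribute(SESSION_KEY, user);
        return user;
    }
}
```

A remembered Subject returns false from isAuthenticated() and true from isRemembered(), so the `authenticated` flag lets a page show the user's name while sensitive actions still require a fresh login.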