If you use Spring Security or Apache Shiro, both of them support this with the appropriate filter. For Spring backend, Security works with a permanent store to remember tokens for me, and Shiro, I think, marks a hash value.
Here's the Spring manual: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/remember-me.html
Here's the shiro guide: http://shiro.apache.org/java-authentication-guide.html
If you use Java EE Security (please tell me that it is not), you are limited by what your container can support if you do not want to create a login filter. A client filter can sign a cookie with a MAC code and check it against a database. I donβt think tomcat 7 has a built-in module, you will probably need to check GlassFish (which supports SSO, I donβt think it supports, remember me).
source share