
Authentication handler using remember me


Level 2

Hi All,

My question is related to a custom authentication handler. I want to test the code at https://github.com/davidjgonzalez/com.activecq.samples/blob/master/core/src/main/java/com/activecq/s... . However, I am unable to make the code call the requestCredentials method. Once the code is able to call the requestCredentials method, it will be able to set up the remember-me routine on the request object. So, my questions are:

1. How do I make Sling call the requestCredentials method?

2. What configuration needs to be done at the CQ level, if any is needed?

3. What is the significance of the authType property in an authentication handler?


Thanks in advance.

dhawanmayur

3 Replies


Employee

Hi,

To test out the RememberMeAuthenticationHandler you need to run it in conjunction with the sample "TokenSlingAuthenticationHandler" [1] (see lines 135-139).

The way it works is that the "TokenSlingAuthenticationHandler" (and all other registered auth handlers) will fail in their authentication of the "normal" provided credentials (form params, etc.). When an auth handler in the stack returns a FAIL state, it kicks the request back out to the Sling auth stack, but this time down the request credentials chain. In this case, the RememberMe auth handler sits on top of the stack, checks for the existence of a valid remember-me token, and then "reboots" the auth process via the sling.forward (which will send it back through extract credentials). All of this requires you to be able to issue and validate a Remember Me token (cookie), which the samples do not do.

@justin_at_adobe may have an alternative approach to this.

1. This is handled by Sling; when extract credentials fails auth or the full stack is exhausted (returning null) and the resource is protected.

2. The code is very broad strokes. You would need to build all your specifics on top of it. The key part is creating, securing and validating the remember-me token. You could look to a back-end system or HMAC-SHAing some time-based value into a cookie. Typically your security team will want to weigh in on this.

3. IIRC authType lets you target a specific Auth handler's requestCredentials from extractCredentials() or authFailed()/authSucceeded()

[1] https://github.com/davidjgonzalez/com.activecq.samples/blob/master/core/src/main/java/com/activecq/s...
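The "HMAC some time-based value into a cookie" part that the reply says the samples leave out, written as an added example (not code from the thread or from the linked sample project). It assumes a hypothetical RememberMeToken class holding a server-side secret; the cookie value carries the user id and an expiry, and the MAC is checked in constant time before the expiry is even parsed into a decision.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Mints and validates an HMAC-signed, time-limited remember-me cookie value (hypothetical helper). */
public final class RememberMeToken {
    private static final String ALG = "HmacSHA256";
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    private final byte[] key; // server-side secret; never leaves the server

    public RememberMeToken(byte[] key) { this.key = key.clone(); }

    /** Cookie value layout: base64url(userId) "." expiresAtEpochSec "." base64url(HMAC(payload)). */
    public String mint(String userId, long expiresAtEpochSec) {
        String payload = ENC.encodeToString(userId.getBytes(StandardCharsets.UTF_8)) + "." + expiresAtEpochSec;
        return payload + "." + ENC.encodeToString(hmac(payload));
    }

    /** Returns the user id if the token is intact and unexpired, otherwise null. */
    public String verify(String token, long nowEpochSec) {
        if (token == null) return null;
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) return null;
        String payload = parts[0] + "." + parts[1];
        byte[] given;
        long expiry;
        try {
            given = DEC.decode(parts[2]);
            expiry = Long.parseLong(parts[1]); // NumberFormatException is an IllegalArgumentException
        } catch (IllegalArgumentException e) {
            return null;
        }
        // Constant-time MAC comparison first: a forged or tampered token is rejected before its expiry is trusted.
        if (!MessageDigest.isEqual(hmac(payload), given)) return null;
        if (nowEpochSec >= expiry) return null;
        return new String(DEC.decode(parts[0]), StandardCharsets.UTF_8);
    }

    private byte[] hmac(String data) {
        try {
            Mac mac = Mac.getInstance(ALG);
            mac.init(new SecretKeySpec(key, ALG));
            return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
}
```

The verify() result is what a RememberMe handler's extractCredentials() would turn into an AuthenticationInfo for the forward; set the cookie with HttpOnly and Secure, and keep in mind that a pure HMAC token cannot be revoked before expiry without server-side state.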


Level 2

Thanks David for the response.

I have a few queries:

This is handled by Sling; when extract credentials fails auth or the full stack is exhausted (returning null) and the resource is protected.

>> Can you elaborate on what is meant by "the resource is protected"?

>> Can a single auth handler act as both a normal auth handler and the remember-me auth handler?

>> What is IIRC authType, and how can I target requestCredentials from extractCredentials? Will you be able to share sample code?


I am very new to Adobe CQ, so some of these questions may be very basic to you.

Thanks in advance.