Spring安全记得 - 我工作不正常,数据库表工作不正常

时间:2015-03-26 06:13:23

标签: java spring-mvc spring-security remember-me

设置spring security后记住我(Persistent Token方法),将用户的数据存储到数据库中('persistent_token'表)。我可以在浏览器中看到“SPRING_SECURITY_REMEMBER_ME_COOKIE”。重新启动服务器后,我刷新我的用户并登录。但是,当同一用户再次登录时,他的数据应该更新。但是,它没有更新,它被插入到数据库中。因此,一个用户在该表中有多个值。 我的applicationSecurity.xml是,

 <security:http auto-config="true" use-expressions="true">
    <security:intercept-url pattern="/admin" access="hasRole('ADMINISTRATOR')" />
    <security:intercept-url pattern="/welcome" access="isAuthenticated()" />
    <security:remember-me
              token-validity-seconds = "1209600"
              data-source-ref = "dataSource"/>
</security:http>

<security:authentication-manager>
   <security:authentication-provider>
        <security:jdbc-user-service data-source-ref="dataSource"
 </security:authentication-provider>
</security:authentication-manager>

我的实体类

@Entity
@Table(name = "persistent_logins")
public class RememberMeToken implements Serializable {

@Column(name = "username")
private String username;

@Id
@Column(name = "series")
private String series;

@Column(name = "token")
private String token;

@Column(name = "last_used")
@Temporal(javax.persistence.TemporalType.DATE)
private Date date;

public RememberMeToken(){
}

public RememberMeToken(PersistentRememberMeToken token)
{
    this.username = token.getUsername();
    this.series = token.getSeries();
    this.token = token.getTokenValue();
    this.date = token.getDate();
}

public String getUsername() {
    return username;
}

public void setUsername(String username) {
    this.username = username;
}

public String getSeries() {
    return series;
}

public void setSeries(String series) {
    this.series = series;
}

public String getToken() {
    return token;
}

public void setToken(String token) {
    this.token = token;
}

public Date getDate() {
    return date;
}

public void setDate(Date date) {
    this.date = date;
}

}

实施PersistentTokenRepository,

 @Repository
 public class PersistentTokenRepositoryImpl implements PersistentTokenRepository{

@Autowired
private RememberMeTokenRepository rememberMeTokenRepository;

@Override
public void createNewToken(PersistentRememberMeToken token) {

    RememberMeToken newToken = new RememberMeToken(token);
    this.rememberMeTokenRepository.save(newToken);

}

@Override
public void updateToken(String series, String tokenValue, Date lastUsed) {


    RememberMeToken token = this.rememberMeTokenRepository.findBySeries(series);
    if(token != null)
    {
        token.setToken(tokenValue);
        token.setDate(lastUsed);
    }
}

@Override
public PersistentRememberMeToken getTokenForSeries(String series) {

    RememberMeToken token = this.rememberMeTokenRepository.findBySeries(series);
    return new PersistentRememberMeToken(token.getUsername(),token.getSeries(),token.getToken(),token.getDate());        
}

@Override
public void removeUserTokens(String userName) {
    Iterable<RememberMeToken> tokens = this.rememberMeTokenRepository.findByUserName(userName);
    this.rememberMeTokenRepository.delete(tokens);
}

}

1 个答案:

答案 0 :(得分:0)

我认为您缺少提供用户名和令牌唯一属性,这是您可以确保只插入唯一行的方式,或者如果值已更新,则还可以检查createNewToken()方法电子邮件已经插入,如果电子邮件不存在,那么只有您可以插入该行,这样您将获得单行电子邮件的单行,希望这对您有所帮助,问候!

相关问题
最新问题