(我的英语不太好,但我会尽力清楚地解释我的问题。)
我只想在Spring Security中使用Remember Me,所以我按照Spring Security Reference中提到的步骤进行操作。
这是我的代码:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserMapper userMapper;
@Autowired
RoleMapper roleMapper;
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/frame/**", "/img/**", "/css/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/", "/login/**").permitAll()
.anyRequest().authenticated().and()
.addFilterAt(myUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class).exceptionHandling()
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login_page")).and()
.addFilterAt(rememberMeAuthenticationFilter(), RememberMeAuthenticationFilter.class)
.formLogin().loginPage("/login_page")
.loginProcessingUrl("/login").permitAll().and()
.logout().logoutUrl("/signout").logoutSuccessUrl("/login_page").permitAll().and()
// .rememberMe().key("testallKey").and()
.csrf().disable();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsServiceImpl()).passwordEncoder(new Md5PasswordEncoder()).and()
.authenticationProvider(rememberMeAuthenticationProvider());
}
@Bean
public UserDetailsServiceImpl userDetailsServiceImpl() {
return new UserDetailsServiceImpl(userMapper, roleMapper);
}
@Bean
public MyUsernamePasswordAuthenticationFilter myUsernamePasswordAuthenticationFilter() throws Exception {
MyUsernamePasswordAuthenticationFilter myFilter = new MyUsernamePasswordAuthenticationFilter();
myFilter.setAuthenticationManager(authenticationManagerBean());
myFilter.setAuthenticationSuccessHandler(authenticationSuccessHandler());
myFilter.setAuthenticationFailureHandler(authenticationFailureHandler());
myFilter.setRememberMeServices(tokenBasedRememberMeServices());
return myFilter;
}
@Bean
public AuthenticationSuccessHandler authenticationSuccessHandler() {
return new SimpleUrlAuthenticationSuccessHandler("/login/success");
}
@Bean
public AuthenticationFailureHandler authenticationFailureHandler() {
return new SimpleUrlAuthenticationFailureHandler("/login/failure");
}
@Bean
public TokenBasedRememberMeServices tokenBasedRememberMeServices() {
TokenBasedRememberMeServices tbrms = new TokenBasedRememberMeServices("testallKey", userDetailsServiceImpl());
tbrms.setTokenValiditySeconds(60 * 60 * 24 * 2);
tbrms.setParameter("rememberMe");
return tbrms;
}
@Bean
public RememberMeAuthenticationProvider rememberMeAuthenticationProvider() {
RememberMeAuthenticationProvider rmap = new RememberMeAuthenticationProvider("testallKey");
return rmap;
}
@Bean
public RememberMeAuthenticationFilter rememberMeAuthenticationFilter() throws Exception {
RememberMeAuthenticationFilter myFilter = new RememberMeAuthenticationFilter(authenticationManagerBean(), tokenBasedRememberMeServices());
return myFilter;
}
}
记住我很好,但是当我退出时,它并没有按照预期自动清除“记住我”的cookie。(因此我必须在注销后使用deleteCookies(“记住我”)( )手动)
任何人都可以告诉我为什么它不起作用?
我发现了另一个应用程序,它有效:
如果我使用“.rememberMe()。key(”testallKey“)”而不是添加“rememberMeAuthenticationFilter”和“RememberMeAuthenticationProvider”,这里是代码:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserMapper userMapper;
@Autowired
RoleMapper roleMapper;
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/frame/**", "/img/**", "/css/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/", "/login/**").permitAll()
.anyRequest().authenticated().and()
.addFilterAt(myUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class).exceptionHandling()
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login_page")).and()
//.addFilterAt(rememberMeAuthenticationFilter(), RememberMeAuthenticationFilter.class)
.formLogin().loginPage("/login_page")
.loginProcessingUrl("/login").permitAll().and()
.logout().logoutUrl("/signout").logoutSuccessUrl("/login_page").permitAll().and()
.rememberMe().key("testallKey").and()
.csrf().disable();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsServiceImpl()).passwordEncoder(new Md5PasswordEncoder());
}
@Bean
public UserDetailsServiceImpl userDetailsServiceImpl() {
return new UserDetailsServiceImpl(userMapper, roleMapper);
}
@Bean
public MyUsernamePasswordAuthenticationFilter myUsernamePasswordAuthenticationFilter() throws Exception {
MyUsernamePasswordAuthenticationFilter myFilter = new MyUsernamePasswordAuthenticationFilter();
myFilter.setAuthenticationManager(authenticationManagerBean());
myFilter.setAuthenticationSuccessHandler(authenticationSuccessHandler());
myFilter.setAuthenticationFailureHandler(authenticationFailureHandler());
myFilter.setRememberMeServices(tokenBasedRememberMeServices());
return myFilter;
}
@Bean
public AuthenticationSuccessHandler authenticationSuccessHandler() {
return new SimpleUrlAuthenticationSuccessHandler("/login/success");
}
@Bean
public AuthenticationFailureHandler authenticationFailureHandler() {
return new SimpleUrlAuthenticationFailureHandler("/login/failure");
}
@Bean
public TokenBasedRememberMeServices tokenBasedRememberMeServices() {
TokenBasedRememberMeServices tbrms = new TokenBasedRememberMeServices("testallKey", userDetailsServiceImpl());
tbrms.setTokenValiditySeconds(60 * 60 * 24 * 2);
tbrms.setParameter("rememberMe");
return tbrms;
}
}
谁能告诉我这两种方法有什么区别? (你也可以指出我的英语语法错误☺,谢谢!)
答案 0 :(得分:0)
您不能在配置程序中使用 .deleteCookies 吗?另请参阅LogoutConfigurer文档
http.logout()
.logoutSuccessUrl("/")
.logoutUrl("/logout")
.deleteCookies("JSESSIONID")
.permitAll();