Spring Security - 记住我(Remember Me)

时间:2014-06-17 12:09:36

标签: java spring spring-security

我想在我的应用程序中使用 Spring Security 实现“记住我”(remember-me)功能,但我不知道正确的做法。有人能告诉我该如何进行吗?我的 spring-security 配置文件如下所示:

<!-- HTTP security for the application: session-id URL rewriting is disabled, SpEL access
     expressions are enabled, unauthenticated requests are handed to the
     authenticationEntryPoint bean, and Spring Security never creates a session itself.
     NOTE(review): no intercept-url rules appear in this excerpt; confirm that access rules
     are defined elsewhere, otherwise nothing here restricts any URL. -->
<security:http disable-url-rewriting="true"
    use-expressions="true" entry-point-ref="authenticationEntryPoint"
    access-denied-page="/pages/access_denied.jsp" create-session="never"  >

    <!-- The hand-declared authenticationFilter bean takes the form-login slot in the chain.
         NOTE(review): a remember-me element added to this block is probably not wired into a
         hand-declared filter automatically; the filter's rememberMeServices property would
         have to be set explicitly. Confirm against the reference guide for the version in use. -->
    <security:custom-filter ref="authenticationFilter"
        position="FORM_LOGIN_FILTER" />
    <!-- Logout invalidates the HTTP session, then delegates to the logoutHandler bean. -->
    <security:logout invalidate-session="true"
        logout-url="/j_spring_security_logout" success-handler-ref="logoutHandler" />
</security:http>
<!-- Bean for handling logout: referenced through success-handler-ref on the security:logout
     element. The class is project code that is not shown here. -->
<bean id="logoutHandler" class="se.etm.ewo.web.security.filter.LogoutHandler" />
<!-- Temporary internal authentication manager. It delegates to the single
     daoAuthenticationProvider bean and is published under the alias authenticationManager
     so that other beans (here the authenticationFilter bean) can reference it. -->
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider
        ref="daoAuthenticationProvider" />
</security:authentication-manager>

<!-- DAO-backed authentication provider: user records are loaded through the userDao bean. -->
<bean id="daoAuthenticationProvider"
    class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userDao" />
    <!-- NOTE(review): PlaintextPasswordEncoder compares passwords without hashing, so the user
         store holds clear-text passwords. A hashing encoder (for example BCrypt) with a
         migration of the stored credentials is the safer choice; the encoder is left as the
         author wrote it because existing records depend on it. -->
    <property name="passwordEncoder">
        <bean class="org.springframework.security.authentication.encoding.PlaintextPasswordEncoder" />
    </property>
</bean>

<!-- Entry point that sends unauthenticated users to the login page /pages/login.jsp.
     NOTE(review): forceHttps is false, so the login page (and any remember-me cookie added
     later) may travel over plain HTTP unless TLS is enforced elsewhere; confirm.
     NOTE(review): this class name appears to be the deprecated 3.0 name for
     LoginUrlAuthenticationEntryPoint; verify against the Spring Security version in use. -->
<bean id="authenticationEntryPoint"
    class="org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint">
    <property name="loginFormUrl" value="/pages/login.jsp" />
    <property name="forceHttps" value="false" />
</bean>

<!-- Username/password login filter, declared by hand and referenced from the
     security:custom-filter element at position FORM_LOGIN_FILTER.
     NOTE(review): no rememberMeServices property is set on this bean, so a successful login
     through it would presumably not issue a remember-me cookie until that property is
     wired; confirm for the version in use. -->
<bean name="authenticationFilter"
    class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <!-- URL the login form is submitted to -->
    <property name="filterProcessesUrl" value="/j_login" />
    <property name="authenticationSuccessHandler" ref="successHandler" />
    <!-- Failed logins are sent to /loginFailed.do -->
    <property name="authenticationFailureHandler">
        <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
            <constructor-arg value="/loginFailed.do" />
        </bean>
    </property>
</bean>

<!-- Project-specific success handler (class not shown). roleToUrlMap pairs a role name with
     a URL, presumably the post-login target for users holding that role; verify against the
     handler's source. Every role listed here maps to the same URL. -->
<bean id="successHandler"
    class="se.etm.ewo.web.security.authentication.RoleBasedAuthenticationSuccessHandler">
    <property name="roleToUrlMap">
        <map>
            <entry key="SYSADMIN" value="/secure/loginSubmit.do" />
            <entry key="ADMIN" value="/secure/loginSubmit.do" />
            <entry key="ORGADMIN" value="/secure/loginSubmit.do" />
            <entry key="USER" value="/secure/loginSubmit.do" />
        </map>
    </property>
</bean>

<!-- Registers Spring Security's LoggerListener for access (authorization) events so that
     they are written to the application log. -->
<bean id="loggerListener"
    class="org.springframework.security.access.event.LoggerListener" />

1 个答案:

答案 0 :(得分:0)

您似乎竭尽全力配置没有命名空间的所有内容,您可以使用命名空间完成大部分工作。

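<!-- Namespace-based equivalent of the hand-wired login filter. The login-page attribute of
     form-login also supplies the entry point, so entry-point-ref is dropped: this listing
     defines no authenticationEntryPoint bean, and a reference to a missing bean fails at
     context start-up.
     NOTE(review): no intercept-url rules appear in this excerpt; confirm that access rules
     are defined elsewhere. -->
<security:http disable-url-rewriting="true"
               use-expressions="true"
               access-denied-page="/pages/access_denied.jsp" create-session="never">

    <!-- The namespace element is form-login; login-form is not a security namespace element. -->
    <security:form-login authentication-success-handler-ref="successHandler"
                         login-processing-url="/j_login"
                         login-page="/pages/login.jsp"
                         authentication-failure-url="/loginFailed.do" />
    <!-- Logout invalidates the HTTP session, then delegates to the logoutHandler bean. -->
    <security:logout invalidate-session="true" logout-url="/j_spring_security_logout" success-handler-ref="logoutHandler" />

</security:http>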
<!-- Bean for handling logout: referenced through success-handler-ref on the security:logout
     element. The class is project code that is not shown here. -->
<bean id="logoutHandler" class="se.etm.ewo.web.security.filter.LogoutHandler" />

<!-- Temporary internal authentication manager: delegates to the single
     daoAuthenticationProvider bean. No alias is declared because nothing in this listing
     references the manager by name. -->

<security:authentication-manager>
    <security:authentication-provider ref="daoAuthenticationProvider" />
</security:authentication-manager>

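<!-- DAO-backed authentication provider: user records are loaded through the userDao bean.
     Bean names are case-sensitive, so the reference uses userDao, the spelling in the
     question's configuration. -->
<bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userDao"/>
    <!-- NOTE(review): PlaintextPasswordEncoder compares passwords without hashing, so the user
         store holds clear-text passwords. A hashing encoder (for example BCrypt) with a
         migration of the stored credentials is the safer choice; the encoder is left as the
         author wrote it because existing records depend on it. -->
    <property name="passwordEncoder">
        <bean class="org.springframework.security.authentication.encoding.PlaintextPasswordEncoder" />
    </property>
</bean>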

<!-- Project-specific success handler (class not shown), referenced by
     authentication-success-handler-ref in the http block. roleToUrlMap pairs a role name with
     a URL, presumably the post-login target for that role; verify against the handler's
     source. Every role listed here maps to the same URL. -->
<bean id="successHandler" class="se.etm.ewo.web.security.authentication.RoleBasedAuthenticationSuccessHandler">
    <property name="roleToUrlMap">
        <map>
            <entry key="SYSADMIN" value="/secure/loginSubmit.do" />
            <entry key="ADMIN" value="/secure/loginSubmit.do" />
            <entry key="ORGADMIN" value="/secure/loginSubmit.do" />
            <entry key="USER" value="/secure/loginSubmit.do" />
        </map>
    </property>
</bean>

<!-- Registers Spring Security's LoggerListener for access (authorization) events so that
     they are written to the application log. -->
<bean id="loggerListener" class="org.springframework.security.access.event.LoggerListener" />

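这应该产生相同的结果。现在,您应该能够通过添加 <security:remember-me /> 标记并进行适当配置来启用“记住我”。一个简单的 <security:remember-me key="myAppKey"/> 应该足以启用它。注意:key 用于对“记住我”cookie 中的令牌进行签名,因此应使用只有服务器知道的随机值,而不是示例中的 "myAppKey" 这类容易猜到的字符串。请参阅 Spring Security Reference Guide 中关于“记住我”的章节。有关更多配置选项,请参阅 the namespace description。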