Spring Security RememberMeAuthenticationFilter未被解雇

时间:2010-07-19 08:19:51

标签: spring-security

我试图在Spring 3 webapp中集成RememberMe功能。 该应用程序运行良好,并没有显示任何其他问题。

当我启用“记住我”检查时,cookie已正确创建并随任何请求发送(我已使用Firebug和Chrome DevExtensions对其进行了测试)。

当我关闭并重新打开浏览器时,Cookie仍处于活动状态并被发送,但是没有触发RememberMe过滤器,然后链中的下一个过滤器是AnonymousFilter,用户被认证为匿名并发送回登录页面。

知道为什么吗?

applicationContext相关部分是:

<security:http>
    <security:intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/stylesheets/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/javascripts/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/images/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/impianti/public/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/buoni/public/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/admin/*" access="ROLE_ADMIN" />
    <security:intercept-url pattern="/**" access="ROLE_USER" />
    <security:form-login login-page="/login.jsp" authentication-failure-url="/login.jsp" default-target-url="/index.html" />
    <security:http-basic />
    <security:logout logout-success-url="/login_redirect.jsp" logout-url="/logout" />
    <security:remember-me/>
</security:http>

<security:authentication-manager>
    <security:authentication-provider>
        <security:password-encoder hash="md5" />
        <security:jdbc-user-service data-source-ref="dataSource"/>
    </security:authentication-provider>
</security:authentication-manager>

日志是:

在浏览器关闭之前&amp;重新打开:

DEBUG: org.springframework.security.web.FilterChainProxy - /index.html at position 7 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter@1420fea'
DEBUG: org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter - SecurityContextHolder not populated with remember-me token, as it already contained: (etc)

重新开放后:

DEBUG: org.springframework.security.web.FilterChainProxy - /login.jsp at position 7 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter@1420fea'
DEBUG: org.springframework.security.web.FilterChainProxy - /login.jsp at position 8 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@230be4'
DEBUG: org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 96789943A570362DE4B0113A5262F0CB; Granted Authorities: ROLE_ANONYMOUS'

1 个答案:

答案 0 :(得分:0)

检查您是否错过了记住我的身份验证提供程序。