我试图在Spring 3 webapp中集成RememberMe功能。 该应用程序运行良好,并没有显示任何其他问题。
当我启用“记住我”检查时,cookie已正确创建并随任何请求发送(我已使用Firebug和Chrome DevExtensions对其进行了测试)。
当我关闭并重新打开浏览器时,Cookie仍处于活动状态并被发送,但是没有触发RememberMe过滤器,然后链中的下一个过滤器是AnonymousFilter,用户被认证为匿名并发送回登录页面。
知道为什么吗?
applicationContext相关部分是:
<security:http>
<security:intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/stylesheets/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/javascripts/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/images/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/impianti/public/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/buoni/public/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/admin/*" access="ROLE_ADMIN" />
<security:intercept-url pattern="/**" access="ROLE_USER" />
<security:form-login login-page="/login.jsp" authentication-failure-url="/login.jsp" default-target-url="/index.html" />
<security:http-basic />
<security:logout logout-success-url="/login_redirect.jsp" logout-url="/logout" />
<security:remember-me/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:password-encoder hash="md5" />
<security:jdbc-user-service data-source-ref="dataSource"/>
</security:authentication-provider>
</security:authentication-manager>
日志是:
在浏览器关闭之前&amp;重新打开:
DEBUG: org.springframework.security.web.FilterChainProxy - /index.html at position 7 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter@1420fea'
DEBUG: org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter - SecurityContextHolder not populated with remember-me token, as it already contained: (etc)
重新开放后:
DEBUG: org.springframework.security.web.FilterChainProxy - /login.jsp at position 7 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter@1420fea'
DEBUG: org.springframework.security.web.FilterChainProxy - /login.jsp at position 8 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@230be4'
DEBUG: org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 96789943A570362DE4B0113A5262F0CB; Granted Authorities: ROLE_ANONYMOUS'
答案 0 :(得分:0)
检查您是否错过了记住我的身份验证提供程序。