在Spring MVC 4中使用Remember-Me捕获登录

Question

我想检测用户何时使用“登录”表单或“记住我”cookie进入我的网页，并且我想执行注册登录的代码，但这不起作用。我不知道是否存在其他方法来实现我的目标。

我测试了这个解决方案：

• http://learn.eastros.com/2012/07/11/springsecurity-capturing-rememberme-success-event/。在这里，它必须手动定义所有类，过滤器，服务和处理程序，用于登录，注销和记住我。
• Recording logins with Spring Security。这篇文章尝试了一个更简单的解决方案，只为成功登录和成功记住我定义了相同的处理程序。但是不行。
• 另一方面，这里remember-me and authentication-success-handler说form-login和remember-me的处理程序不能是同一个类，我将为remmeber-me处理程序实现AuthenticationSuccessHandler。也没用。
• 我也尝试在REMEMBER_ME_FILTER的位置之前和之后定义过滤器。没有。

问题

1. 可以使用表格登录过滤器REMEMBER-ME吗？
2. 安全性：http配置需要指示auto-config =＆＃34; false＆＃34;并实现用于登录，注销的过滤器并记住我作为第一个链接？
3. 我是否需要实施我的服务，提供商或我只能实施过滤器？

我的配置：

安全context.xml中

    <?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"> 

    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider
            ref="customAuthenticationProvider">     
        </security:authentication-provider>
    </security:authentication-manager>

    <bean id="customAuthenticationProvider" class="com.treebuk.config.CustomAuthenticationProvider"></bean>
    <bean id="customUserDetailsService" class="com.treebuk.config.CustomUserDetailsService"></bean>
    <bean id="customAuthenticationSuccessHandler" class="com.treebuk.config.CustomAuthenticationSuccessHandler"></bean>
    <bean id="customRememberMeAuthenticationSuccessHandler" class="com.treebuk.config.CustomRememberMeAuthenticationSuccessHandler"></bean>
    <bean id="customLogoutSuccessHandler" class="com.treebuk.config.CustomLogoutSuccessHandler"></bean>
    <bean id="passwordEncoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder"></bean>


    <bean id="customRememberMeService" class="com.treebuk.config.CustomRememberMeService">
        <constructor-arg value="MYKEY" />
        <constructor-arg ref="customUserDetailsService"/>
    </bean>

    <bean id="customRememberMeAuthenticationProvider" class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
        <!-- key needs to be same as that provided to customRememberMeService. -->
        <constructor-arg value="MYKEY"/>
    </bean>

    <bean id="rememberMeFilter" class="com.treebuk.config.CustomRememberMeAuthenticationFilter">
        <constructor-arg ref="authenticationManager"/>
        <constructor-arg ref="customRememberMeService"/>
    </bean>

    <security:http >
        <security:intercept-url pattern="/" access="permitAll" />
        <security:intercept-url pattern="/login/**" access="permitAll" />
        <security:intercept-url pattern="/logout" access="permitAll" />
        <security:intercept-url pattern="/**" access="denyAll" />

        <security:form-login 
            authentication-success-handler-ref="customAuthenticationSuccessHandler"
            authentication-failure-url="/login?error=true"
            login-page="/login"
            password-parameter="lgPassword" 
            username-parameter="lgUsername" />

        <security:logout
            success-handler-ref="customLogoutSuccessHandler" 
            logout-url="/logout"
            invalidate-session="true" />

        <security:csrf disabled="true" />

        <security:remember-me
            user-service-ref="customUserDetailsService"
            remember-me-parameter="lgRememberMe"
            token-validity-seconds="100" />

        <security:custom-filter ref="rememberMeFilter" after="REMEMBER_ME_FILTER" />

        <security:session-management>
            <security:concurrency-control max-sessions="1" />
        </security:session-management>
    </security:http>

</beans>

的login.jsp

<c:url var="loginUrl" value="/login" />
    <form action="${loginUrl}" method="post">
        <input type="hidden" name="spring-security-redirect" value="<c:out value="${param.r}" />">
        <label for="txt_username">Usuario:</label>
        <input type="text" id="txt_username" name="lgUsername" />
        <br />
        <label for="txt_password">Contraseña:</label>
        <input type="password" id="txt_password" name="lgPassword">
        <br />
        <label for="chck_remeberme">Recordarme:</label>
        <input type="checkbox" id="chck_remeberme" name="lgRememberMe" checked="checked" />
        <br />
        <input name="submit" type="submit" value="Identificarse" />
    </form>

CustomRememberMeAuthenticationFilter.java

public class CustomRememberMeAuthenticationFilter extends RememberMeAuthenticationFilter {


    public CustomRememberMeAuthenticationFilter(AuthenticationManager authenticationManager, RememberMeServices rememberMeServices) {
        super(authenticationManager, rememberMeServices);
        // TODO Auto-generated constructor stub
    }

    @Override
    protected void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) {
        // TODO: User has been auto-logged using a remember me cookie, do your stuff here
        String x = "OK";
        x += "";
        String y = x;
    }
}

CustomRememberMeService.java（我评论body extractRememberMeCookie，因为else request.getHeader（＆＃34; remember-me＆＃34;）== null并抛出空异常）

public class CustomRememberMeService extends TokenBasedRememberMeServices{

    public static final int TOKEN_VALIDITY_SECONDS = 15; // 60*30=30 minutes

    public CustomRememberMeService(String key, UserDetailsService userDetailsService) {
        super(key, userDetailsService);
    }

    @Override
    protected String extractRememberMeCookie(HttpServletRequest request) {
//        String rememberMe = request.getHeader("remember-me");
//        int startIndex = "remember-me=".length();
//        int endIndex = rememberMe.indexOf("; ", startIndex);
//        return rememberMe.substring(startIndex, endIndex);
        return "";
    }

    @Override
    protected int calculateLoginLifetime(HttpServletRequest request, Authentication authentication) {
        return TOKEN_VALIDITY_SECONDS;
    }

}

CustomAuthenticationProvider.java，（**这里我解密并比较用户密码）

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider{

    @Autowired
    private CustomUserDetailsService customUserDetailsService;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Override
    public Authentication authenticate(Authentication authLoginForm) throws AuthenticationException {

        String principal = authLoginForm.getName();
        String credenctials = (String) authLoginForm.getCredentials();

        User user = (User) customUserDetailsService.loadUserByUsername(principal);

        if (user != null) {
            if (passwordEncoder.matches(credenctials, user.getPassword())) {
                System.out.println("Usuario identificado correctamente");
                                    return new UsernamePasswordAuthenticationToken(principal.toLowerCase(), user.getPassword(), user.getAuthorities());
            }
            else
            {
                System.out.println("Contraseña incorrecta");
                throw new BadCredentialsException("Error de autentificación");
            }
        }
        else
        {
            throw new BadCredentialsException("Error de autentificación");
        }
    }

    @Override
    public boolean supports(Class<?> arg0) {
        return true;
    }

}

CustomAuthenticationSuccessHandler.java

@Component
public class CustomAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    @Autowired
    private UserService userService;

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {

        User user = userService.findByAlias(authentication.getName().toLowerCase());

        **// CODE FOR REGISTER LOGIN USER**

        setDefaultTargetUrl("URL");
        super.onAuthenticationSuccess(request, response, authentication);
    }
}

CustomLogoutSuccessHandler.java

@Component
public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {

    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {

        if (authentication != null) {
            // do something 
        }

        setDefaultTargetUrl("/login");
        super.onLogoutSuccess(request, response, authentication);       
    }
}

CustomRememberMeAuthenticationSuccessHandler，java（此代码在尝试使用hablder for success form-login时使用，其他用于成功记住我 - ＆gt; remember-me and authentication-success-handler）

@Service
public class CustomRememberMeAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    @Autowired
    private UserService userService;

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {

        User user = userService.findByAlias(authentication.getName().toLowerCase());
        **// CODE FOR REGISTER LOGIN USER BY REMEMBER-ME**
    }
}