无法获得Spring安全＆＃34;记住我＆＃34;功能工作

Question

我是Spring和Java的新手。尝试设置安全性remember me功能。

这是我的security.xml和login.jsp个文件。我做错了什么？

security.xml

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
          http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security-4.0.xsd">

    <security:authentication-manager>
    <security:authentication-provider>
        <security:jdbc-user-service data-source-ref="dataSource"/>
        <security:password-encoder ref="passwordEncoder"/>
    </security:authentication-provider>
</security:authentication-manager>

    <security:http use-expressions="true">
        <security:intercept-url pattern="/" access="permitAll"/>
        <security:intercept-url pattern="/createplayer" access="isAuthenticated()"/>
        <security:intercept-url pattern="/players" access="hasRole('ROLE_ADMIN')"/>
        <security:intercept-url pattern="/createaccount" access="permitAll"/>
        <security:intercept-url pattern="/login" access="permitAll"/>
        <security:intercept-url pattern="/logout" access="permitAll"/>
        <security:intercept-url pattern="/welcome" access="hasRole('ROLE_ADMIN')"/>
        <security:intercept-url pattern="/**" access="denyAll"/>

        <security:form-login login-page="/login" authentication-failure-url="/login?error=true"/>

        <security:remember-me key="MyAppKey" remember-me-parameter="remember-me"
                              remember-me-cookie="remember-me"
                              token-validity-seconds="604800"
                              data-source-ref="dataSource"/>
    </security:http>

    <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
    </bean>

</beans>

login.jsp

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<body>
    <h1>Login</h1>

   <c:if test="${param.error != null}">
    Login failed. Check if username or password are correct!
    </c:if>

    <form action = "/login", method="post">
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>

    Name <br>
    <input name="username"/> <br>
    Password<br>
    <input type="password" name="password"/> <br>

    Remember me <br>
    <input type="checkbox" name="remember-me">

    <br><br>
    <input type="submit"> <br><br>

</form>

    <h2>${msg}</h2>
    <br>
    <a href = "http://localhost:9999/createaccount"> Create account </a> <br>
</body>
</html>

P.S。我尝试添加

<session-config>
  <session-timeout>1</session-timeout>
</session-config>

到web.xml检查是否＆＃34;记住我＆＃34;有效，但它记住我＆＃34;它总是在一分钟内退出。

Answer 1

将 id 添加到您的jdbc-user-service

<security:jdbc-user-service data-source-ref="dataSource" id="jdbcUserService/>

并通过它的ID来记住你的服务：

<security:remember-me key="MyAppKey"
                      user-service-ref="jdbcUserService"/>