Spring Security 2.0.6记住我的问题

时间:2010-12-15 15:03:19

标签: java spring spring-security

我已经完成了设置记住我的步骤。

我的理解是,使用此功能会创建一个cookie,当用户返回浏览器并导航到我的网站并且cookie尚未过期时,他们应该登录我的网站。

我已经确认已创建Cookie,但我从未自动登录到我的网站。

所以我有点迷失在这里需要发生什么 - 我假设Spring Security负责这个并且我不需要扩展任何基类 - 这是正确的吗?

这是我到目前为止的配置:

<global-method-security secured-annotations="enabled"/>


    <http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint" access-denied-page="/login.jsp?login_error=2" >
      <concurrent-session-control max-sessions="1"  expired-url="/login.jsp"/>
      <intercept-url pattern="/login.jsp*" filters="none"/>
      <intercept-url pattern="/styles/**" filters="none" />
      <intercept-url pattern="/images/**" filters="none" />
      <intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
      <intercept-url pattern="/user/**" access="ROLE_USER" />
      <logout invalidate-session="true" logout-url="/j_spring_security_logout" logout-success-url="/login.jsp?loggedout=true"/>
<!--      <remember-me key="ecotrak1q2w3e4r5tazsxdc"/>-->
    </http>

        

<beans:bean id="defaultTargetUrlResolver" class="org.springframework.security.ui.TargetUrlResolverImpl" />

<beans:bean id="roleBasedTargetUrlResolver" class="vsg.ecotrak.security.custom.CustomTargetUrlResolverImpl">
  <beans:constructor-arg ref="defaultTargetUrlResolver" />
</beans:bean>

<beans:bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
    <custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
    <beans:property name="defaultTargetUrl" value="/admin/adminLanding.html"/>
    <beans:property name="authenticationManager" ref="authenticationManager" />
    <beans:property name="authenticationFailureUrl" value="/login.jsp?login_error=1"/>
    <beans:property name="allowSessionCreation" value="true" />
    <beans:property name="serverSideRedirect" value="true" />
    <beans:property name="targetUrlResolver" ref="roleBasedTargetUrlResolver" />
    <beans:property name="rememberMeServices" ref="rememberMeServices"/>
</beans:bean>

<authentication-manager alias="authenticationManager" />

<beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    <beans:property name="loginFormUrl" value="/login.jsp" />
    <beans:property name="forceHttps" value="false" />
</beans:bean>

<beans:bean id="rememberMeProcessingFilter" class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
  <custom-filter position="REMEMBER_ME_FILTER" />
  <beans:property name="rememberMeServices" ref="rememberMeServices"/>
  <beans:property name="authenticationManager" ref="authenticationManager" />    
</beans:bean>


<beans:bean id="rememberMeServices" class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
  <beans:property name="userDetailsService" ref="customUserDetailsServiceWrapper"/>
  <beans:property name="key" value="ecotrak1q2w3e4r5tazsxdc"/>
</beans:bean>

    <beans:bean id="rememberMeAuthenticationProvider" class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider">
      <custom-authentication-provider />
      <beans:property name="key" value="ecotrak1q2w3e4r5tazsxdc"/>
    </beans:bean>

这里有什么需要做的吗?

1 个答案:

答案 0 :(得分:0)

一种可能性是custom-filter没有指定rememberMe位置。

<custom-filter position="REMEMBER_ME_FILTER"/>