我已经完成了设置记住我的步骤。
我的理解是,使用此功能会创建一个cookie,当用户返回浏览器并导航到我的网站并且cookie尚未过期时,他们应该登录我的网站。
我已经确认已创建Cookie,但我从未自动登录到我的网站。
所以我有点迷失在这里需要发生什么 - 我假设Spring Security负责这个并且我不需要扩展任何基类 - 这是正确的吗?
这是我到目前为止的配置:
<global-method-security secured-annotations="enabled"/>
<http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint" access-denied-page="/login.jsp?login_error=2" >
<concurrent-session-control max-sessions="1" expired-url="/login.jsp"/>
<intercept-url pattern="/login.jsp*" filters="none"/>
<intercept-url pattern="/styles/**" filters="none" />
<intercept-url pattern="/images/**" filters="none" />
<intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
<intercept-url pattern="/user/**" access="ROLE_USER" />
<logout invalidate-session="true" logout-url="/j_spring_security_logout" logout-success-url="/login.jsp?loggedout=true"/>
<!-- <remember-me key="ecotrak1q2w3e4r5tazsxdc"/>-->
</http>
<beans:bean id="defaultTargetUrlResolver" class="org.springframework.security.ui.TargetUrlResolverImpl" />
<beans:bean id="roleBasedTargetUrlResolver" class="vsg.ecotrak.security.custom.CustomTargetUrlResolverImpl">
<beans:constructor-arg ref="defaultTargetUrlResolver" />
</beans:bean>
<beans:bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
<custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
<beans:property name="defaultTargetUrl" value="/admin/adminLanding.html"/>
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="authenticationFailureUrl" value="/login.jsp?login_error=1"/>
<beans:property name="allowSessionCreation" value="true" />
<beans:property name="serverSideRedirect" value="true" />
<beans:property name="targetUrlResolver" ref="roleBasedTargetUrlResolver" />
<beans:property name="rememberMeServices" ref="rememberMeServices"/>
</beans:bean>
<authentication-manager alias="authenticationManager" />
<beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<beans:property name="loginFormUrl" value="/login.jsp" />
<beans:property name="forceHttps" value="false" />
</beans:bean>
<beans:bean id="rememberMeProcessingFilter" class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
<custom-filter position="REMEMBER_ME_FILTER" />
<beans:property name="rememberMeServices" ref="rememberMeServices"/>
<beans:property name="authenticationManager" ref="authenticationManager" />
</beans:bean>
<beans:bean id="rememberMeServices" class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
<beans:property name="userDetailsService" ref="customUserDetailsServiceWrapper"/>
<beans:property name="key" value="ecotrak1q2w3e4r5tazsxdc"/>
</beans:bean>
<beans:bean id="rememberMeAuthenticationProvider" class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider">
<custom-authentication-provider />
<beans:property name="key" value="ecotrak1q2w3e4r5tazsxdc"/>
</beans:bean>
这里有什么需要做的吗?
答案 0 :(得分:0)
一种可能性是custom-filter
没有指定rememberMe
位置。
<custom-filter position="REMEMBER_ME_FILTER"/>