我正在用Spring编写WebApp。我创建了一个有效的自定义登录名(为什么不重要)。然后,现在我想向其添加“记住我”功能。我设法设置了cookie,但是现在我不知道如何自动登录用户。那么,当用户重新访问该网站时,我该如何登录?
这是我的身份验证方法:
public boolean authenticate(String username, String password) {
try {
AuthenticatedUser user = authService.loadUserByUsername(username);
if (new BCryptPasswordEncoder().matches(password, user.getPassword())) {
Authentication auth = new UsernamePasswordAuthenticationToken(
user.getUsername(), user.getPassword(), user.getAuthorities());
rememberMeService.loginSuccess(request, response, auth);
SecurityContextHolder.getContext().setAuthentication(auth);
return true;
}
return false;
} catch (UsernameNotFoundException e) {
return false;
}
}
这是我的WebConfiguration:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/VAADIN/**", "/HEARTBEAT/**", "/UIDL/**", "/resources/**", "/manifest.json", "/icons/**",
"/images/**",
"/frontend/**",
"/webjars/**",
"/h2-console/**",
"/frontend-es5/**", "/frontend-es6/**",
"/signup", "/signup**", "/signup/**", "/")
.permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").permitAll()
.and()
.rememberMe().rememberMeServices(rememberMeService())
.and()
.logout().permitAll();
}
@Bean
public TokenBasedRememberMeServices rememberMeService() {
TokenBasedRememberMeServices tbrms =
new TokenBasedRememberMeServices("rememberMe", userDetailsService);
tbrms.setAlwaysRemember(true);
return tbrms;
}
答案 0 :(得分:0)
这就是我的应用程序中的内容:
在您的Web配置中
rememberMe().key("superUniqueAndSecretKey")
而且您还必须在登录表单中添加一个“记住我”复选框(我想您会丢失此复选框)
<input type="checkbox" name="remember-me" />
(名称remember-me
是Spring 5的默认名称)