Spring security -remember me

Question

我想在我的应用程序中使用spring安全来实现记住我。我没有得到正确的方法去做..有没有人可以帮助我如何继续..我的spring-security配置文件如下：=-

<security:http disable-url-rewriting="true"
    use-expressions="true" entry-point-ref="authenticationEntryPoint"
    access-denied-page="/pages/access_denied.jsp" create-session="never"  >

    <security:custom-filter ref="authenticationFilter"
        position="FORM_LOGIN_FILTER" />
    <security:logout invalidate-session="true"
        logout-url="/j_spring_security_logout" success-handler-ref="logoutHandler" />
</security:http>
<!-- Bean for handling logout -->
<bean id="logoutHandler" class="se.etm.ewo.web.security.filter.LogoutHandler" />
<!-- Temporary internal authentication manager -->
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider
        ref="daoAuthenticationProvider" />
</security:authentication-manager>

<bean id="daoAuthenticationProvider"
    class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <property name="userDetailsService">
        <ref bean="userDao" />
    </property>
    <property name="passwordEncoder">
        <bean
            class="org.springframework.security.authentication.encoding.PlaintextPasswordEncoder" />
    </property>
</bean>

<bean id="authenticationEntryPoint"
    class="org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint">
    <property name="loginFormUrl" value="/pages/login.jsp" />
    <property name="forceHttps" value="false" />
</bean>

<bean name="authenticationFilter"
    class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <property name="authenticationManager">
        <ref bean="authenticationManager" />
    </property>
    <property name="filterProcessesUrl">
        <value>/j_login</value>
    </property>
    <property name="authenticationSuccessHandler" ref="successHandler" />

    <property name="authenticationFailureHandler">
        <bean
            class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
            <constructor-arg>
                <value>/loginFailed.do</value>
            </constructor-arg>
        </bean>
    </property>
</bean>

<bean id="successHandler"
    class="se.etm.ewo.web.security.authentication.RoleBasedAuthenticationSuccessHandler">
    <property name="roleToUrlMap">
        <map>
            <entry key="SYSADMIN" value="/secure/loginSubmit.do" />
            <entry key="ADMIN" value="/secure/loginSubmit.do" />
            <entry key="ORGADMIN" value="/secure/loginSubmit.do" />
            <entry key="USER" value="/secure/loginSubmit.do" />
        </map>
    </property>
</bean>

<bean id="loggerListener"
    class="org.springframework.security.access.event.LoggerListener" />

​

Answer 1

您似乎不遗余力地在没有名称空间的情况下配置所有内容，您所做的大部分工作都可以使用名称空间完成。

<security:http  disable-url-rewriting="true"
                use-expressions="true" entry-point-ref="authenticationEntryPoint" 
                access-denied-page="/pages/access_denied.jsp" create-session="never"  >

    <security:login-form authentication-success-handler-ref="successHandler" login-processing-url="/j_login" login-page="/pages/login.jsp" authentication-failure-url="/loginFailed.do"/>
    <security:logout invalidate-session="true" logout-url="/j_spring_security_logout" success-handler-ref="logoutHandler" />

</security:http>
<!-- Bean for handling logout -->
<bean id="logoutHandler" class="se.etm.ewo.web.security.filter.LogoutHandler" />

<!-- Temporary internal authentication manager -->

<security:authentication-manager>
    <security:authentication-provider ref="daoAuthenticationProvider" />
</security:authentication-manager>

<bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userdao"/>
    <property name="passwordEncoder">
        <bean class="org.springframework.security.authentication.encoding.PlaintextPasswordEncoder" />
    </property>
</bean>

<bean id="successHandler" class="se.etm.ewo.web.security.authentication.RoleBasedAuthenticationSuccessHandler">
    <property name="roleToUrlMap">
        <map>
            <entry key="SYSADMIN" value="/secure/loginSubmit.do" />
            <entry key="ADMIN" value="/secure/loginSubmit.do" />
            <entry key="ORGADMIN" value="/secure/loginSubmit.do" />
            <entry key="USER" value="/secure/loginSubmit.do" />
        </map>
    </property>
</bean>

<bean id="loggerListener" class="org.springframework.security.access.event.LoggerListener" />

这应该会产生相同的结果。现在，您应该能够添加具有正确配置的<security:remember-me />标记。一个简单的<security:remember-me key="myAppKey"/>应该足以启用它。请参阅Spring Security Reference Guide中关于Remember me的章节。有关更多配置选项，请参阅the namespace description。