내가 정의 AuthenticationProvider
사용하고 있습니다 :봄 보안 : 기억-나 사용자 정의 AuthenticationProvider에 작동하지 않습니다
<security:http auto-config="true" use-expressions="true" access-denied-page="/auth/accessDenied.xhtml" >
<!-- ........... -->
<security:remember-me user-service-ref="userDetailsService" key="some-string"/>
</security:http>
모든 작품 : 나는 또한 기억 - 나 기능을 사용하려고
public class CustomAuthenticationProviderImpl extends AbstractUserDetailsAuthenticationProvider {
@Resource(name="userDetailsService")
private UserDetailsService userDetailsService;
//.......
}
을 기억 나는 나를 제외하고. 그것은 내가 맞춤형을 사용하지 않을 때 일하는 것이 었습니다. AuthenticationProvider
.
remember-me가 작동하려면 무엇을해야합니까?
public class AuthenticationSuccessHandlerImpl extends SimpleUrlAuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
int timeout = 60*60;
request.getSession().setMaxInactiveInterval(timeout); //60 minutes
System.out.println("Session timeout of user: " + authentication.getName() + " has been set to: " + request.getSession().getMaxInactiveInterval() + " seconds.");
setDefaultTargetUrl("/views/home.jsf");
super.onAuthenticationSuccess(request, response, authentication);
}
}
UPDAT : 2 :
내가 Tomcat을 다시 시작할 때 나는 다음과 같은 디버그 출력을 얻고있다
UPDATE
나는 또한 AuthenticationSuccessHandler
을 사용하고 있습니다. 하지만 로그인 폼을로드 할 때 제출할 때 - 디버그 결과에 remember
이 포함 된 텍스트가 표시되지 않으며 remember-me 쿠키가 생성되지 않습니다.
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,166 (DefaultSingletonBeanRegistry.java:217) - org.springframework.beans.factory.support.DefaultSingletonBeanRegistry getSingleton :
Creating shared instance of singleton bean 'rememberMeFilter'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,166 (AbstractAutowireCapableBeanFactory.java:430) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean :
Creating instance of bean 'rememberMeFilter'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (AbstractEnvironment.java:114) - org.springframework.core.env.AbstractEnvironment <init> :
Initializing new StandardServletEnvironment
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (MutablePropertySources.java:103) - org.springframework.core.env.MutablePropertySources addLast :
Adding [servletConfigInitParams] PropertySource with lowest search precedence
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (MutablePropertySources.java:103) - org.springframework.core.env.MutablePropertySources addLast :
Adding [servletContextInitParams] PropertySource with lowest search precedence
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (MutablePropertySources.java:103) - org.springframework.core.env.MutablePropertySources addLast :
Adding [jndiProperties] PropertySource with lowest search precedence
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (MutablePropertySources.java:103) - org.springframework.core.env.MutablePropertySources addLast :
Adding [systemProperties] PropertySource with lowest search precedence
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (MutablePropertySources.java:103) - org.springframework.core.env.MutablePropertySources addLast :
Adding [systemEnvironment] PropertySource with lowest search precedence
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (AbstractEnvironment.java:120) - org.springframework.core.env.AbstractEnvironment <init> :
Initialized StandardServletEnvironment with PropertySources [servletConfigInitParams,servletContextInitParams,jndiProperties,systemProperties,systemEnvironment]
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (AbstractAutowireCapableBeanFactory.java:504) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory doCreateBean :
Eagerly caching bean 'rememberMeFilter' to allow for resolving potential circular references
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (DefaultSingletonBeanRegistry.java:217) - org.springframework.beans.factory.support.DefaultSingletonBeanRegistry getSingleton :
Creating shared instance of singleton bean 'rememberMeServices'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (AbstractAutowireCapableBeanFactory.java:430) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean :
Creating instance of bean 'rememberMeServices'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,198 (AbstractAutowireCapableBeanFactory.java:504) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory doCreateBean :
Eagerly caching bean 'rememberMeServices' to allow for resolving potential circular references
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,198 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean :
Returning cached instance of singleton bean 'userDetailsService'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:1498) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory invokeInitMethods :
Invoking afterPropertiesSet() on bean with name 'rememberMeServices'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean :
Returning cached instance of singleton bean 'org.springframework.security.methodSecurityMetadataSourceAdvisor'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean :
Returning cached instance of singleton bean 'org.springframework.transaction.config.internalTransactionAdvisor'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:458) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean :
Finished creating instance of bean 'rememberMeServices'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean :
Returning cached instance of singleton bean 'org.springframework.security.authenticationManager'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:1498) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory invokeInitMethods :
Invoking afterPropertiesSet() on bean with name 'rememberMeFilter'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean :
Returning cached instance of singleton bean 'org.springframework.security.methodSecurityMetadataSourceAdvisor'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean :
Returning cached instance of singleton bean 'org.springframework.transaction.config.internalTransactionAdvisor'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:458) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean :
Finished creating instance of bean 'rememberMeFilter'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean :
Returning cached instance of singleton bean 'rememberMeServices'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (DefaultSingletonBeanRegistry.java:217) - org.springframework.beans.factory.support.DefaultSingletonBeanRegistry getSingleton :
Creating shared instance of singleton bean 'rememberMeAuthenticationProvider'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:430) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean :
Creating instance of bean 'rememberMeAuthenticationProvider'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:504) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory doCreateBean :
Eagerly caching bean 'rememberMeAuthenticationProvider' to allow for resolving potential circular references
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:1498) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory invokeInitMethods :
Invoking afterPropertiesSet() on bean with name 'rememberMeAuthenticationProvider'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean :
Returning cached instance of singleton bean 'org.springframework.security.methodSecurityMetadataSourceAdvisor'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean :
Returning cached instance of singleton bean 'org.springframework.transaction.config.internalTransactionAdvisor'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:458) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean :
Finished creating instance of bean 'rememberMeAuthenticationProvider'
나는 내 AuthenticationSuccessHandlerImpl
다음 사항이 없다 :
System.out.println("_spring_security_remember_me after authentication = " + request.getParameter("_spring_security_remember_me"));
출력은 다음과 같습니다
이 _spring_security_remember_me after authentication = on
하지만 아무도 기억 - 날이 쿠키가 만들어졌습니다! 직접 RememberMeAuthenticationProvider auto-config="false"
을 선포 :
어떻게 작동합니까? 예 : 브라우저에서 remember-me 쿠키를 추적 했습니까? 사용자가 인증되면 설정됩니까? 로그에 오류가 있습니까? –
@ 루케 테일러 : 나는 응답 헤더를 체크 (파이어 버그)했는데 쿠키 헤더는 체크하지 않았다. 요청 헤더 - JSESSIONID 쿠키 헤더. 내 도메인 (localhost)에 대한 파이어 폭스의 쿠키 - JSESSIONID 쿠키 만 검사했습니다. Tomcat 로그에 오류 메시지가 표시되지 않습니다. BTW 나는 또한 위의 AuthenticationSuccessHandler를 사용하고있다. – rapt
@ 루케 테일러 : 저는 다음 예제에 따라 JSF와 함께 스프링 보안을 사용합니다 : http://tutorials.slackspace.de/tutorial/Custom-login-page-with-JSF-and-Spring-Security-3 – rapt