2. 질의 응답
  3. 봄 보안 : 기억-나 사용자 정의 AuthenticationProvider에 작동하지 않습니다

봄 보안 : 기억-나 사용자 정의 AuthenticationProvider에 작동하지 않습니다

2012-04-04 4 views
1

내가 정의 AuthenticationProvider 사용하고 있습니다 :봄 보안 : 기억-나 사용자 정의 AuthenticationProvider에 작동하지 않습니다

<security:http auto-config="true" use-expressions="true" access-denied-page="/auth/accessDenied.xhtml" > 

    <!-- ........... --> 

    <security:remember-me user-service-ref="userDetailsService" key="some-string"/> 

</security:http>

모든 작품 : 나는 또한 기억 - 나 기능을 사용하려고

public class CustomAuthenticationProviderImpl extends AbstractUserDetailsAuthenticationProvider { 

    @Resource(name="userDetailsService") 
    private UserDetailsService userDetailsService; 

    //....... 

}

을 기억 나는 나를 제외하고. 그것은 내가 맞춤형을 사용하지 않을 때 일하는 것이 었습니다. AuthenticationProvider.

remember-me가 작동하려면 무엇을해야합니까?

public class AuthenticationSuccessHandlerImpl extends SimpleUrlAuthenticationSuccessHandler { 

    @Override 
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException { 

     int timeout = 60*60; 

     request.getSession().setMaxInactiveInterval(timeout); //60 minutes 

     System.out.println("Session timeout of user: " + authentication.getName() + " has been set to: " + request.getSession().getMaxInactiveInterval() + " seconds."); 

     setDefaultTargetUrl("/views/home.jsf"); 

     super.onAuthenticationSuccess(request, response, authentication); 
    } 
}

UPDAT : 2 :

내가 Tomcat을 다시 시작할 때 나는 다음과 같은 디버그 출력을 얻고있다

UPDATE

나는 또한 AuthenticationSuccessHandler을 사용하고 있습니다. 하지만 로그인 폼을로드 할 때 제출할 때 - 디버그 결과에 remember이 포함 된 텍스트가 표시되지 않으며 remember-me 쿠키가 생성되지 않습니다.

DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,166 (DefaultSingletonBeanRegistry.java:217) - org.springframework.beans.factory.support.DefaultSingletonBeanRegistry getSingleton : 
Creating shared instance of singleton bean 'rememberMeFilter' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,166 (AbstractAutowireCapableBeanFactory.java:430) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean : 
Creating instance of bean 'rememberMeFilter' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (AbstractEnvironment.java:114) - org.springframework.core.env.AbstractEnvironment <init> : 
Initializing new StandardServletEnvironment 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (MutablePropertySources.java:103) - org.springframework.core.env.MutablePropertySources addLast : 
Adding [servletConfigInitParams] PropertySource with lowest search precedence 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (MutablePropertySources.java:103) - org.springframework.core.env.MutablePropertySources addLast : 
Adding [servletContextInitParams] PropertySource with lowest search precedence 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (MutablePropertySources.java:103) - org.springframework.core.env.MutablePropertySources addLast : 
Adding [jndiProperties] PropertySource with lowest search precedence 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (MutablePropertySources.java:103) - org.springframework.core.env.MutablePropertySources addLast : 
Adding [systemProperties] PropertySource with lowest search precedence 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (MutablePropertySources.java:103) - org.springframework.core.env.MutablePropertySources addLast : 
Adding [systemEnvironment] PropertySource with lowest search precedence 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (AbstractEnvironment.java:120) - org.springframework.core.env.AbstractEnvironment <init> : 
Initialized StandardServletEnvironment with PropertySources [servletConfigInitParams,servletContextInitParams,jndiProperties,systemProperties,systemEnvironment] 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (AbstractAutowireCapableBeanFactory.java:504) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory doCreateBean : 
Eagerly caching bean 'rememberMeFilter' to allow for resolving potential circular references 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (DefaultSingletonBeanRegistry.java:217) - org.springframework.beans.factory.support.DefaultSingletonBeanRegistry getSingleton : 
Creating shared instance of singleton bean 'rememberMeServices' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (AbstractAutowireCapableBeanFactory.java:430) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean : 
Creating instance of bean 'rememberMeServices' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,198 (AbstractAutowireCapableBeanFactory.java:504) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory doCreateBean : 
Eagerly caching bean 'rememberMeServices' to allow for resolving potential circular references 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,198 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean : 
Returning cached instance of singleton bean 'userDetailsService' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:1498) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory invokeInitMethods : 
Invoking afterPropertiesSet() on bean with name 'rememberMeServices' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean : 
Returning cached instance of singleton bean 'org.springframework.security.methodSecurityMetadataSourceAdvisor' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean : 
Returning cached instance of singleton bean 'org.springframework.transaction.config.internalTransactionAdvisor' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:458) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean : 
Finished creating instance of bean 'rememberMeServices' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean : 
Returning cached instance of singleton bean 'org.springframework.security.authenticationManager' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:1498) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory invokeInitMethods : 
Invoking afterPropertiesSet() on bean with name 'rememberMeFilter' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean : 
Returning cached instance of singleton bean 'org.springframework.security.methodSecurityMetadataSourceAdvisor' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean : 
Returning cached instance of singleton bean 'org.springframework.transaction.config.internalTransactionAdvisor' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:458) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean : 
Finished creating instance of bean 'rememberMeFilter' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean : 
Returning cached instance of singleton bean 'rememberMeServices' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (DefaultSingletonBeanRegistry.java:217) - org.springframework.beans.factory.support.DefaultSingletonBeanRegistry getSingleton : 
Creating shared instance of singleton bean 'rememberMeAuthenticationProvider' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:430) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean : 
Creating instance of bean 'rememberMeAuthenticationProvider' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:504) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory doCreateBean : 
Eagerly caching bean 'rememberMeAuthenticationProvider' to allow for resolving potential circular references 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:1498) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory invokeInitMethods : 
Invoking afterPropertiesSet() on bean with name 'rememberMeAuthenticationProvider' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean : 
Returning cached instance of singleton bean 'org.springframework.security.methodSecurityMetadataSourceAdvisor' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean : 
Returning cached instance of singleton bean 'org.springframework.transaction.config.internalTransactionAdvisor' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:458) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean : 
Finished creating instance of bean 'rememberMeAuthenticationProvider'

나는 내 AuthenticationSuccessHandlerImpl 다음 사항이 없다 :

System.out.println("_spring_security_remember_me after authentication = " + request.getParameter("_spring_security_remember_me"));

출력은 다음과 같습니다

_spring_security_remember_me after authentication = on

하지만 아무도 기억 - 날이 쿠키가 만들어졌습니다! 직접 RememberMeAuthenticationProvider auto-config="false"을 선포 :

출처

2012-04-04 rapt

+0

어떻게 작동합니까? 예 : 브라우저에서 remember-me 쿠키를 추적 했습니까? 사용자가 인증되면 설정됩니까? 로그에 오류가 있습니까? –

+0

@ 루케 테일러 : 나는 응답 헤더를 체크 (파이어 버그)했는데 쿠키 헤더는 체크하지 않았다. 요청 헤더 - JSESSIONID 쿠키 헤더. 내 도메인 (localhost)에 대한 파이어 폭스의 쿠키 - JSESSIONID 쿠키 만 검사했습니다. Tomcat 로그에 오류 메시지가 표시되지 않습니다. BTW 나는 또한 위의 AuthenticationSuccessHandler를 사용하고있다. – rapt

+0

@ 루케 테일러 : 저는 다음 예제에 따라 JSF와 함께 스프링 보안을 사용합니다 : http://tutorials.slackspace.de/tutorial/Custom-login-page-with-JSF-and-Spring-Security-3 – rapt

답변

1

당신은 자동 구성을 해제하려고 할 수

<bean id="rememberMeFilter" class= 
"org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter"> 
    <property name="rememberMeServices" ref="rememberMeServices"/> 
    <property name="authenticationManager" ref="authenticationManager" /> 
</bean> 

<bean id="rememberMeServices" class= 
"org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices"> 
    <property name="userDetailsService" ref="userService"/> 
    <property name="key" value="some-string"/> 
</bean> 

<bean id="rememberMeAuthenticationProvider" class= 
"org.springframework.security.authentication.RememberMeAuthenticationProvider"> 
    <property name="key" value="some-string"/> 
</bean>

출처

2012-04-05 08:33:21 vacuum

0

봄 보안의 최신 버전은, 당신은 다음과 같이 설정을 추가 할 수 있습니다

보안 컨텍스트에 자격 증명이없는 경우 자동 로그인을 처리하는 필터를 만드는 데 도움이됩니다. 또한 rememberMeServices 및 RememberAuthenticationProvider를 만드는 데 도움이됩니다.

사용자가 CustomAuthenticationProviderImpl을 다시 쓰기 전에 작동 할 수 있다고 말했습니까? 그래서 나는 당신이 이미 그것을 설정했다고 생각합니다.

이제 문제는 CustomAuthenticationProviderImpl을 다시 작성한 다음 remember-me에 대한 원래 줄을 끊는 것입니다.처음에 당신은 당신의 사용자 지정 공급자에 rememberMeService을 설정해야합니다

<beans:bean id="customFilter" class="..CustomAuthenticationProviderImpl "> 
    <beans:property ... /> 
    <beans:property name="rememberMeServices" ref="rememberMeServices" /> 
</beans:bean>

그리고는 "rememberMeServices"는, 당신은 또한 응답으로 나에게 서비스를 기억 설정해야 찾을 두지 못하는 것을 말한다면 당신은이에 시도 할 수 있습니다 위.

출처

2012-09-10 12:26:53 Mavlarn

관련 문제

 관련 문제