1. 首页
  2. 问答
  3. 春季安全:记得,我不使用自定义的AuthenticationProvider工作

春季安全:记得,我不使用自定义的AuthenticationProvider工作

2012-04-04 49 views
1

我使用的是自定义的AuthenticationProvider春季安全:记得,我不使用自定义的AuthenticationProvider工作

public class CustomAuthenticationProviderImpl extends AbstractUserDetailsAuthenticationProvider { 

    @Resource(name="userDetailsService") 
    private UserDetailsService userDetailsService; 

    //....... 

}

我也尝试使用记得,我的特点:

<security:http auto-config="true" use-expressions="true" access-denied-page="/auth/accessDenied.xhtml" > 

    <!-- ........... --> 

    <security:remember-me user-service-ref="userDetailsService" key="some-string"/> 

</security:http>

一切正常除了记得我之外。它曾经工作,当我没有使用自定义AuthenticationProvider

为了使记忆我的工作我需要做些什么?

UPDATE

我也使用AuthenticationSuccessHandler

public class AuthenticationSuccessHandlerImpl extends SimpleUrlAuthenticationSuccessHandler { 

    @Override 
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException { 

     int timeout = 60*60; 

     request.getSession().setMaxInactiveInterval(timeout); //60 minutes 

     System.out.println("Session timeout of user: " + authentication.getName() + " has been set to: " + request.getSession().getMaxInactiveInterval() + " seconds."); 

     setDefaultTargetUrl("/views/home.jsf"); 

     super.onAuthenticationSuccess(request, response, authentication); 
    } 
}

UPDAT 2:

我正在以下调试输出,当我重新启动Tomcat。但是,当我加载登录表单并提交时 - 在调试输出中没有看到任何包含remember的文本,并且没有创建记忆-UCC。

DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,166 (DefaultSingletonBeanRegistry.java:217) - org.springframework.beans.factory.support.DefaultSingletonBeanRegistry getSingleton : 
Creating shared instance of singleton bean 'rememberMeFilter' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,166 (AbstractAutowireCapableBeanFactory.java:430) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean : 
Creating instance of bean 'rememberMeFilter' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (AbstractEnvironment.java:114) - org.springframework.core.env.AbstractEnvironment <init> : 
Initializing new StandardServletEnvironment 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (MutablePropertySources.java:103) - org.springframework.core.env.MutablePropertySources addLast : 
Adding [servletConfigInitParams] PropertySource with lowest search precedence 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (MutablePropertySources.java:103) - org.springframework.core.env.MutablePropertySources addLast : 
Adding [servletContextInitParams] PropertySource with lowest search precedence 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (MutablePropertySources.java:103) - org.springframework.core.env.MutablePropertySources addLast : 
Adding [jndiProperties] PropertySource with lowest search precedence 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (MutablePropertySources.java:103) - org.springframework.core.env.MutablePropertySources addLast : 
Adding [systemProperties] PropertySource with lowest search precedence 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (MutablePropertySources.java:103) - org.springframework.core.env.MutablePropertySources addLast : 
Adding [systemEnvironment] PropertySource with lowest search precedence 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (AbstractEnvironment.java:120) - org.springframework.core.env.AbstractEnvironment <init> : 
Initialized StandardServletEnvironment with PropertySources [servletConfigInitParams,servletContextInitParams,jndiProperties,systemProperties,systemEnvironment] 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (AbstractAutowireCapableBeanFactory.java:504) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory doCreateBean : 
Eagerly caching bean 'rememberMeFilter' to allow for resolving potential circular references 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (DefaultSingletonBeanRegistry.java:217) - org.springframework.beans.factory.support.DefaultSingletonBeanRegistry getSingleton : 
Creating shared instance of singleton bean 'rememberMeServices' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (AbstractAutowireCapableBeanFactory.java:430) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean : 
Creating instance of bean 'rememberMeServices' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,198 (AbstractAutowireCapableBeanFactory.java:504) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory doCreateBean : 
Eagerly caching bean 'rememberMeServices' to allow for resolving potential circular references 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,198 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean : 
Returning cached instance of singleton bean 'userDetailsService' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:1498) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory invokeInitMethods : 
Invoking afterPropertiesSet() on bean with name 'rememberMeServices' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean : 
Returning cached instance of singleton bean 'org.springframework.security.methodSecurityMetadataSourceAdvisor' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean : 
Returning cached instance of singleton bean 'org.springframework.transaction.config.internalTransactionAdvisor' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:458) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean : 
Finished creating instance of bean 'rememberMeServices' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean : 
Returning cached instance of singleton bean 'org.springframework.security.authenticationManager' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:1498) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory invokeInitMethods : 
Invoking afterPropertiesSet() on bean with name 'rememberMeFilter' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean : 
Returning cached instance of singleton bean 'org.springframework.security.methodSecurityMetadataSourceAdvisor' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean : 
Returning cached instance of singleton bean 'org.springframework.transaction.config.internalTransactionAdvisor' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:458) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean : 
Finished creating instance of bean 'rememberMeFilter' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean : 
Returning cached instance of singleton bean 'rememberMeServices' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (DefaultSingletonBeanRegistry.java:217) - org.springframework.beans.factory.support.DefaultSingletonBeanRegistry getSingleton : 
Creating shared instance of singleton bean 'rememberMeAuthenticationProvider' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:430) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean : 
Creating instance of bean 'rememberMeAuthenticationProvider' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:504) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory doCreateBean : 
Eagerly caching bean 'rememberMeAuthenticationProvider' to allow for resolving potential circular references 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:1498) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory invokeInitMethods : 
Invoking afterPropertiesSet() on bean with name 'rememberMeAuthenticationProvider' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean : 
Returning cached instance of singleton bean 'org.springframework.security.methodSecurityMetadataSourceAdvisor' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean : 
Returning cached instance of singleton bean 'org.springframework.transaction.config.internalTransactionAdvisor' 
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:458) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean : 
Finished creating instance of bean 'rememberMeAuthenticationProvider'

我在AuthenticationSuccessHandlerImpl如下:

System.out.println("_spring_security_remember_me after authentication = " + request.getParameter("_spring_security_remember_me"));

,输出是:

_spring_security_remember_me after authentication = on

但没记住,我的cookie被创造!

来源

2012-04-04 rapt

+0

它以什么方式不起作用?例如:您是否跟踪过浏览器提交的remember-me cookie?当用户通过身份验证时它会被设置吗?你在日志中遇到错误吗? – 2012-04-04 22:50:17

+0

@Luke Taylor:我检出了(Firebug)响应头文件 - 没有Cookie头文件。请求标头 - 只有JSESSIONID cookie的标头。我检查了Firefox的Cookie,用于我的域名(本地主机) - 只有JSESSIONID cookie。我在Tomcat日志中看不到错误消息。顺便说一句,我也使用'AuthenticationSuccessHandler',见上文。 – rapt 2012-04-05 01:31:27

+0

@Luke Taylor:我使用Spring安全与JSF一起,遵循以下示例:http://tutorials.slackspace.de/tutorial/Custom-login-page-with-JSF-and-Spring-Security-3 – rapt 2012-04-05 07:55:41

回答

1

你可以尝试禁用自动配置:auto-config="false"并宣布RememberMeAuthenticationProvider直接:

<bean id="rememberMeFilter" class= 
"org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter"> 
    <property name="rememberMeServices" ref="rememberMeServices"/> 
    <property name="authenticationManager" ref="authenticationManager" /> 
</bean> 

<bean id="rememberMeServices" class= 
"org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices"> 
    <property name="userDetailsService" ref="userService"/> 
    <property name="key" value="some-string"/> 
</bean> 

<bean id="rememberMeAuthenticationProvider" class= 
"org.springframework.security.authentication.RememberMeAuthenticationProvider"> 
    <property name="key" value="some-string"/> 
</bean>

来源

2012-04-05 08:33:21 vacuum

0

春季安全的最新版本,可以如下添加配置:

它将帮助您创建过滤器,如果在安全上下文中找不到凭证,它将处理自动登录。它还可以帮助您创建rememberMeServices和rememberMeAuthenticationProvider。

你说过,在你重写CustomAuthenticationProviderImpl之前,它可以工作。所以我认为你已经设定好了。

现在的问题是,你重写CustomAuthenticationProviderImpl,然后你打破记忆我的原始线。首先你需要设置rememberMeService在您的自定义提供:

<beans:bean id="customFilter" class="..CustomAuthenticationProviderImpl "> 
    <beans:property ... /> 
    <beans:property name="rememberMeServices" ref="rememberMeServices" /> 
</beans:bean>

你还可以用这个试试,如果它说,“RememberMeServices的”水湿找到,那么你也应该设置记得我服务为一体的回复在上面。

来源

2012-09-10 12:26:53 Mavlarn

相关问题

 相关问题