我使用的是自定义的AuthenticationProvider
:春季安全:记得,我不使用自定义的AuthenticationProvider工作
public class CustomAuthenticationProviderImpl extends AbstractUserDetailsAuthenticationProvider {
@Resource(name="userDetailsService")
private UserDetailsService userDetailsService;
//.......
}
我也尝试使用记得,我的特点:
<security:http auto-config="true" use-expressions="true" access-denied-page="/auth/accessDenied.xhtml" >
<!-- ........... -->
<security:remember-me user-service-ref="userDetailsService" key="some-string"/>
</security:http>
一切正常除了记得我之外。它曾经工作,当我没有使用自定义AuthenticationProvider
。
为了使记忆我的工作我需要做些什么?
UPDATE
我也使用AuthenticationSuccessHandler
:
public class AuthenticationSuccessHandlerImpl extends SimpleUrlAuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
int timeout = 60*60;
request.getSession().setMaxInactiveInterval(timeout); //60 minutes
System.out.println("Session timeout of user: " + authentication.getName() + " has been set to: " + request.getSession().getMaxInactiveInterval() + " seconds.");
setDefaultTargetUrl("/views/home.jsf");
super.onAuthenticationSuccess(request, response, authentication);
}
}
UPDAT 2:
我正在以下调试输出,当我重新启动Tomcat。但是,当我加载登录表单并提交时 - 在调试输出中没有看到任何包含remember
的文本,并且没有创建记忆-UCC。
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,166 (DefaultSingletonBeanRegistry.java:217) - org.springframework.beans.factory.support.DefaultSingletonBeanRegistry getSingleton :
Creating shared instance of singleton bean 'rememberMeFilter'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,166 (AbstractAutowireCapableBeanFactory.java:430) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean :
Creating instance of bean 'rememberMeFilter'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (AbstractEnvironment.java:114) - org.springframework.core.env.AbstractEnvironment <init> :
Initializing new StandardServletEnvironment
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (MutablePropertySources.java:103) - org.springframework.core.env.MutablePropertySources addLast :
Adding [servletConfigInitParams] PropertySource with lowest search precedence
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (MutablePropertySources.java:103) - org.springframework.core.env.MutablePropertySources addLast :
Adding [servletContextInitParams] PropertySource with lowest search precedence
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (MutablePropertySources.java:103) - org.springframework.core.env.MutablePropertySources addLast :
Adding [jndiProperties] PropertySource with lowest search precedence
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (MutablePropertySources.java:103) - org.springframework.core.env.MutablePropertySources addLast :
Adding [systemProperties] PropertySource with lowest search precedence
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (MutablePropertySources.java:103) - org.springframework.core.env.MutablePropertySources addLast :
Adding [systemEnvironment] PropertySource with lowest search precedence
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (AbstractEnvironment.java:120) - org.springframework.core.env.AbstractEnvironment <init> :
Initialized StandardServletEnvironment with PropertySources [servletConfigInitParams,servletContextInitParams,jndiProperties,systemProperties,systemEnvironment]
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (AbstractAutowireCapableBeanFactory.java:504) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory doCreateBean :
Eagerly caching bean 'rememberMeFilter' to allow for resolving potential circular references
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (DefaultSingletonBeanRegistry.java:217) - org.springframework.beans.factory.support.DefaultSingletonBeanRegistry getSingleton :
Creating shared instance of singleton bean 'rememberMeServices'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,182 (AbstractAutowireCapableBeanFactory.java:430) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean :
Creating instance of bean 'rememberMeServices'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,198 (AbstractAutowireCapableBeanFactory.java:504) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory doCreateBean :
Eagerly caching bean 'rememberMeServices' to allow for resolving potential circular references
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,198 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean :
Returning cached instance of singleton bean 'userDetailsService'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:1498) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory invokeInitMethods :
Invoking afterPropertiesSet() on bean with name 'rememberMeServices'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean :
Returning cached instance of singleton bean 'org.springframework.security.methodSecurityMetadataSourceAdvisor'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean :
Returning cached instance of singleton bean 'org.springframework.transaction.config.internalTransactionAdvisor'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:458) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean :
Finished creating instance of bean 'rememberMeServices'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean :
Returning cached instance of singleton bean 'org.springframework.security.authenticationManager'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:1498) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory invokeInitMethods :
Invoking afterPropertiesSet() on bean with name 'rememberMeFilter'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean :
Returning cached instance of singleton bean 'org.springframework.security.methodSecurityMetadataSourceAdvisor'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean :
Returning cached instance of singleton bean 'org.springframework.transaction.config.internalTransactionAdvisor'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:458) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean :
Finished creating instance of bean 'rememberMeFilter'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean :
Returning cached instance of singleton bean 'rememberMeServices'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (DefaultSingletonBeanRegistry.java:217) - org.springframework.beans.factory.support.DefaultSingletonBeanRegistry getSingleton :
Creating shared instance of singleton bean 'rememberMeAuthenticationProvider'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:430) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean :
Creating instance of bean 'rememberMeAuthenticationProvider'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:504) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory doCreateBean :
Eagerly caching bean 'rememberMeAuthenticationProvider' to allow for resolving potential circular references
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:1498) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory invokeInitMethods :
Invoking afterPropertiesSet() on bean with name 'rememberMeAuthenticationProvider'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean :
Returning cached instance of singleton bean 'org.springframework.security.methodSecurityMetadataSourceAdvisor'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractBeanFactory.java:245) - org.springframework.beans.factory.support.AbstractBeanFactory doGetBean :
Returning cached instance of singleton bean 'org.springframework.transaction.config.internalTransactionAdvisor'
DEBUG [pool-2-thread-1] 2012-04-16 09:18:11,213 (AbstractAutowireCapableBeanFactory.java:458) - org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory createBean :
Finished creating instance of bean 'rememberMeAuthenticationProvider'
我在AuthenticationSuccessHandlerImpl
如下:
System.out.println("_spring_security_remember_me after authentication = " + request.getParameter("_spring_security_remember_me"));
,输出是:
_spring_security_remember_me after authentication = on
但没记住,我的cookie被创造!
它以什么方式不起作用?例如:您是否跟踪过浏览器提交的remember-me cookie?当用户通过身份验证时它会被设置吗?你在日志中遇到错误吗? – 2012-04-04 22:50:17
@Luke Taylor:我检出了(Firebug)响应头文件 - 没有Cookie头文件。请求标头 - 只有JSESSIONID cookie的标头。我检查了Firefox的Cookie,用于我的域名(本地主机) - 只有JSESSIONID cookie。我在Tomcat日志中看不到错误消息。顺便说一句,我也使用'AuthenticationSuccessHandler',见上文。 – rapt 2012-04-05 01:31:27
@Luke Taylor:我使用Spring安全与JSF一起,遵循以下示例:http://tutorials.slackspace.de/tutorial/Custom-login-page-with-JSF-and-Spring-Security-3 – rapt 2012-04-05 07:55:41