spring security之Remember Me

Posted 张楠楠

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了spring security之Remember Me相关的知识,希望对你有一定的参考价值。

spring-security.xml配置

环境:

spring版本:5.0.7.RELEASE

spring-security.xml引入:

http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.2.xsd

1、添加以下remember-me服务需要的bean:

    <!--rememberMe-->
    <beans:bean id="myRememberMeAuthenticationProvider" class=
            "org.springframework.security.authentication.RememberMeAuthenticationProvider">
        <beans:constructor-arg name="key" value="xxxxxxxx"/>
    </beans:bean>

    <!--不能与http标签中的remember-me同时存在,否则会报have the same ‘order‘ value-->
    <beans:bean id="myRememberMeAuthenticationFilter" class=
            "org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
        <beans:constructor-arg name="rememberMeServices" ref="myRememberMeServices"/>
        <beans:constructor-arg name="authenticationManager" ref="authenticationManager" />
    </beans:bean>

    <!-- RememberMeServices的实现 -->
    <beans:bean id="myRememberMeServices" class=
            "org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
        <beans:constructor-arg name="key" value="xxxxxxxx"/>
        <beans:constructor-arg name="userDetailsService" ref="myUserDetailService"/>
        <beans:constructor-arg name="tokenRepository" ref="myPersistentTokenRepository"/>
        <beans:property name="tokenValiditySeconds" value="86400"/><!--1天-->
    </beans:bean>
    <!--持久化token,存入数据库persistent_logins表中-->
    <beans:bean id="myPersistentTokenRepository" class="org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl">
        <beans:property name="dataSource" ref="dataSource"/>
    </beans:bean>

 

2、

添加你的RememberMeServices实现UsernamePasswordAuthenticationFilter.setRememberMeServices()的属性

包括RememberMeAuthenticationProviderAuthenticationManager.setProviders()中的列表,

并添加RememberMeAuthenticationFilter到你的FilterChainProxy(一般在你的UsernamePasswordAuthenticationFilter之后)

详细如下:

    <http auto-config="false" use-expressions="true" entry-point-ref="myLoginUrlAuthenticationEntryPoint">
        <intercept-url pattern="/**" access="authenticated"/>

        <custom-filter ref="loginAuthenticationFilter" position="FORM_LOGIN_FILTER"/>

        <custom-filter  ref="myRememberMeAuthenticationFilter" position="REMEMBER_ME_FILTER"/>

        <!--用户退出的时候清空session以及删除JSESSIONID的cookies
            只有logout-url为/logout时,才会触发CookieClearingLogoutHandler的logout方法-->
        <logout logout-url="/logout"
                logout-success-url="/login"
                invalidate-session="true"
                delete-cookies="JSESSIONID"/>

        <!--session-authentication-strategy-ref表示会话的身份验证策略-->
        <session-management invalid-session-url="/login">
            <concurrency-control max-sessions="1"/>
        </session-management>

        <csrf disabled="true" />

    </http>
    <!--不能与form-login同时存在,因为它功能相当于调用http.formLogin()。同时出现,会报have the same ‘order‘ value.-->
    <beans:bean id="loginAuthenticationFilter"
                class="com.example.demo.web.security.MyUsernamePasswordAuthenticationFilter">
        <beans:property name="usernameParameter" value="name"/>             <!--对应登录时的用户名需要传的参数名称-->
        <beans:property name="passwordParameter" value="pass"/>             <!--对应登录时的密码提交时的参数名称-->
        <beans:property name="filterProcessesUrl" value="/signin"/>    <!--表单提交地址-->
        <beans:property name="authenticationSuccessHandler" ref="myAuthenticationSuccessHandler"/>
        <beans:property name="authenticationFailureHandler" ref="myAuthenticationFailureHandler"/>
        <beans:property name="authenticationManager" ref="authenticationManager"/>
        <beans:property name="rememberMeServices" ref="myRememberMeServices"/>
    </beans:bean>

    <!-- 验证配置 , 认证管理器,实现用户认证的入口,主要实现UserDetailsService接口即可 -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="myDaoAuthenticationProvider"/>
        <authentication-provider ref="myRememberMeAuthenticationProvider"/>
    </authentication-manager>

 



以上是关于spring security之Remember Me的主要内容,如果未能解决你的问题,请参考以下文章

Spring Security 之 Remember-Me (记住我)

Spring Security 入门(1-12)Spring Security - remember me!

spring security remember me实现自动登录

Spring Security Remember-Me

Spring Security(12)——Remember-Me功能

257.Spring Boot+Spring Security:记住我(Remember-Me): 方案