个人中心
gpt4 book ai didi

spring-security - Spring Security RememberMeAuthenticationFilter 未被触发

转载 作者:行者123 更新时间:2023-12-01 11:53:44 26 4
gpt4 key购买 nike

我正在尝试将 RememberMe 功能集成到 Spring 3 webapp 中。该应用运行良好,未显示任何其他问题。

当我启用“记住我”检查时,cookie 会正确创建并随任何请求一起发送(我已经使用 Firebug 和 Chrome DevExtensions 对其进行了测试)。

当我关闭并重新打开浏览器时,Cookie 仍然存在并被发送,但 RememberMe 过滤器没有被触发,然后链中的下一个过滤器是 AnonymousFilter,用户被验证为匿名并被发送回登录页面。

知道为什么吗?

applicationContext 相关部分是:

<security:http>
    <security:intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/stylesheets/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/javascripts/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/images/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/impianti/public/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/buoni/public/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/admin/*" access="ROLE_ADMIN" />
    <security:intercept-url pattern="/**" access="ROLE_USER" />
    <security:form-login login-page="/login.jsp" authentication-failure-url="/login.jsp" default-target-url="/index.html" />
    <security:http-basic />
    <security:logout logout-success-url="/login_redirect.jsp" logout-url="/logout" />
    <security:remember-me/>
</security:http>

<security:authentication-manager>
    <security:authentication-provider>
        <security:password-encoder hash="md5" />
        <security:jdbc-user-service data-source-ref="dataSource"/>
    </security:authentication-provider>
</security:authentication-manager>

日志是:

在浏览器关闭和重新打开之前:

DEBUG: org.springframework.security.web.FilterChainProxy - /index.html at position 7 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter@1420fea'
DEBUG: org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter - SecurityContextHolder not populated with remember-me token, as it already contained: (etc)

重新开放后:

DEBUG: org.springframework.security.web.FilterChainProxy - /login.jsp at position 7 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter@1420fea'
DEBUG: org.springframework.security.web.FilterChainProxy - /login.jsp at position 8 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@230be4'
DEBUG: org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 96789943A570362DE4B0113A5262F0CB; Granted Authorities: ROLE_ANONYMOUS'

最佳答案

检查您是否错过了记住我身份验证提供程序。

关于spring-security - Spring Security RememberMeAuthenticationFilter 未被触发,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/3279425/

26 4 0
文章推荐: GWT 和 Hibernate 验证器
文章推荐: java - 将 sqLite DB 中的数据显示到不同的 TextView 中
文章推荐: java - 文件菜单上显示不可点击的文本
文章推荐: Java:处理大型 XML 文件 - 无需编码状态自动机即可提取数据?
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com