个人中心
gpt4 book ai didi

spring-security - Spring security Remember me 在 spring MVC 应用程序中不起作用。

转载 作者:行者123 更新时间:2023-12-02 02:20:59 25 4
gpt4 key购买 nike

身份验证和授权工作正常。但请记住我在应用程序中无法正常工作。

我已经使用了数据库身份验证和使用 spring security 的 ldap 身份验证(一次只有一个),并进行了大量的 spring security 定制。

下面是我的 spring 安全上下文文件。 

    <?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                            http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
                            http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <context:property-placeholder location="classpath:/application.properties"/>                                                        

    <http use-expressions="true">
        <intercept-url pattern="/resources/**" filters="none" />
        <intercept-url pattern="/login" access="permitAll"/>
        <intercept-url pattern="/**" access="isAuthenticated()" />
        <form-login login-page="/login"/>
        <logout invalidate-session="true"
                logout-success-url="/"
                logout-url="/logout"/>
        <remember-me key="myApp2" />
        <custom-filter before="FORM_LOGIN_FILTER" ref="applicationAuthenticationFilter"/>
    </http>

    <beans:bean id="applicationAuthenticationFilter" class="com.myApp.security.DmxAuthenticationFilter">
        <beans:property name="authenticationManager" ref="authenticationManager"/>
        <beans:property name="authenticationFailureHandler" ref="failureHandler"/>
        <beans:property name="authenticationSuccessHandler" ref="successHandler"/>
        <beans:property name="authenticationMethod" value="${authenticationMethod}"/>
    </beans:bean>

    <beans:bean id="successHandler"
      class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
        <beans:property name="defaultTargetUrl" value="/home"/>
        <beans:property name="alwaysUseDefaultTargetUrl" value="true"/>
    </beans:bean>

    <beans:bean id="failureHandler"
      class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
        <beans:property name="defaultFailureUrl" value="/login?login_error=1"/>
    </beans:bean>

    <beans:bean id="accessControlService" class="com.myApp.services.AccessControlService"/>
    <beans:bean id="userService" class="com.myApp.services.UserService"/>
    <beans:bean id="roleService" class="com.myApp.services.RoleService"/>
    <beans:bean id="lookupService" class="com.myApp.services.LookupService"/>

    <beans:bean id= "userDetailsService" class="com.myApp.security.DmxUsersDetailsServiceImpl">
        <beans:property name="accessControlService" ref="accessControlService"/> 
    </beans:bean>   

    <beans:bean id="databaseAuthenticationProvider" class="com.myApp.security.DmxAuthenticationProvider">
        <beans:property name="userDetailsService" ref="userDetailsService"/>
       <!-- <beans:property name="hideUserNotFoundExceptions" value="false"/> -->
    </beans:bean>

    <!-- ================ LDAP configuration STARTS here ================ -->

    <beans:bean id="ldapServer" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">  
        <beans:constructor-arg value="${ldap.url}"/>  
        <beans:property name="userDn" value="${ldap.userDn}"/>  
        <beans:property name="password" value="${ldap.password}"/>
        <!--
        <beans:property name="baseEnvironmentProperties">
            <beans:map>
                <beans:entry key="java.naming.referral" value="follow" />
            </beans:map>
        </beans:property>
        -->
    </beans:bean>  

    <beans:bean id="ldapSearchBean" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">  
        <beans:constructor-arg value="${ldap.userSearchBase}"/>  
        <beans:constructor-arg value="${ldap.userSearchFilter}"/>  
        <beans:constructor-arg ref="ldapServer"/>  
    </beans:bean>  

    <beans:bean id="ldapAuthenticationProvider" class="com.myApp.security.DmxLdapAuthenticationProvider">  
        <beans:constructor-arg ref="ldapBindAuthenticator"/>  
        <beans:constructor-arg ref="ldapAuthoritiesPopulator"/>  
        <beans:property name="userDetailsContextMapper" ref="ldapUserDetailsContextMapper"/>  
    </beans:bean> 

    <beans:bean id="ldapBindAuthenticator" class="org.springframework.security.ldap.authentication.BindAuthenticator">  
        <beans:constructor-arg ref="ldapServer"/>  
        <beans:property name="userSearch" ref="ldapSearchBean"/>  
    </beans:bean>  

    <beans:bean id="ldapAuthoritiesPopulator" class="com.myApp.security.DmxLdapAuthoritiesPopulator">
        <beans:constructor-arg ref="ldapServer" />
        <beans:constructor-arg value="" />
        <beans:property name="groupSearchFilter" value="${ldap.groupSearchFilter}"/>
        <beans:property name="groupRoleAttribute" value="${ldap.groupRoleAttribute}" />
        <beans:property name="rolePrefix" value=""/>
        <beans:property name="searchSubtree" value="true"/>
        <beans:property name="convertToUpperCase" value="false"/>
        <beans:property name="ldapTemplate" ref="ldapTemplate"/> 
    </beans:bean>

    <beans:bean id= "dmxUsersMapper" class="com.myApp.security.DmxUsersMapper">
        <beans:property name="accessControlService" ref="accessControlService"/>
        <beans:property name="userService" ref="userService"/>
        <beans:property name="roleService" ref="roleService"/>
        <beans:property name="lookupService" ref="lookupService"/>
        <beans:property name="organizationUname" value="${organizationUname}"/>
        <beans:property name="companyUname" value="${companyUname}"/>
        <beans:property name="ldapUsername" value="${ldap.db.userName}"/>
        <beans:property name="password" value="${ldap.db.password}"/>
    </beans:bean>    

    <beans:bean class="com.myApp.security.DmxLdapUserDetailsMapper" id="ldapUserDetailsContextMapper">
        <beans:property name="dmxUsersMapper" ref="dmxUsersMapper"/> 
    </beans:bean>

    <beans:bean id="ldapTemplate" class="org.springframework.security.ldap.SpringSecurityLdapTemplate">
        <beans:constructor-arg ref="ldapServer" />
        <beans:property name="ignorePartialResultException" value="true"/>
    </beans:bean>

    <!-- ================ LDAP configuration ENDS here ================ -->

    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="databaseAuthenticationProvider" />
        <authentication-provider ref="ldapAuthenticationProvider"/>  
    </authentication-manager> 

    <beans:bean id="messageSource"
        class="org.springframework.context.support.ResourceBundleMessageSource">
        <beans:property name="basenames">
            <beans:list>
                <beans:value>com/myApp/resourceBundles/SecurityMessages</beans:value>
            </beans:list>
        </beans:property>            
    </beans:bean>

</beans:beans>

下面是我的登录页面。

    <form action="j_dmx_security_filter" method="post">
    <table border="0" class="section_tbl2">
        <tr>
            <td><label for="j_organization">Organization</label> </td>
            <td> : </td>
            <td><input id="j_organization" name="j_organization" size="20" maxlength="50"
                       type="text" class="txtinput"/></td>
        </tr>

        <tr>
            <td> <label for="j_company">Company</label></td>
            <td> : </td>
            <td> <input id="j_company" name="j_company" size="20" maxlength="50"
                        type="text" class="txtinput"/></td>
        </tr>
        <tr>
            <td><label for="j_username">Username</label>  </td>
            <td> : </td>
            <td><input id="j_username" name="j_username" size="20" maxlength="50"
                       type="text" class="txtinput"/></td>
        </tr>
        <tr>
            <td><label for="j_password">Password</label>  </td>
            <td> : </td>
            <td><input id="j_password" name="j_password" size="20" maxlength="50"
                       type="password" class="txtinput"/></td>
        </tr>
        <tr>
            <td></td>
            <td></td>
            <td> <input type="submit" value="Login"/></td>
        </tr>
        <tr>
            <td></td>
            <td></td>
            <td> <input id="_spring_security_remember_me" name="_spring_security_
                        remember_me" type="checkbox" value="true"/>
                <label for="_spring_security_remember_me">Remember Me?</label></td>
        </tr>
    </table>
</form>

记住我 token 本身没有被创建。

请帮忙。

最佳答案

为了提供帮助,RememberMe 的相关 beans 定义在哪里?比如

<bean id="rememberMeServices" class=
        "org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
    <property name="userDetailsService" ref="jpaUserDetailsService"/>
    <property name="key" value="89dqj219dn910lsAc12"/>
</bean>

<bean id="rememberMeAuthenticationProvider" class=
        "org.springframework.security.authentication.RememberMeAuthenticationProvider">
    <property name="key" value="89dqj219dn910lsAc12"/>
</bean>

(这太长了,不能写成评论,所以我把它写成“答案”……抱歉)

关于spring-security - Spring security Remember me 在 spring MVC 应用程序中不起作用。,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/8226097/

25 4 0
文章推荐: facebook - 尝试使用 FQL : Why do some friends return an empty set? 读取 Facebook 中的好友链接
文章推荐: FullCalendar - Google 日历事件颜色
文章推荐: plone - 如何让 instance-Z2.log 注册实际的用户名?
文章推荐: list - 方案 - 列表的子集
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com