spring security之Remember Me

2021-07-01 20:04

阅读:445

标签:inter   struct   tail   pattern   osi   handler   退出   out   for   

spring-security.xml配置

环境:

spring版本:5.0.7.RELEASE

spring-security.xml引入:

http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.2.xsd

1、添加以下remember-me服务需要的bean:

    
    beans:bean id="myRememberMeAuthenticationProvider" class=
            "org.springframework.security.authentication.RememberMeAuthenticationProvider">
        beans:constructor-arg name="key" value="xxxxxxxx"/>
    beans:bean>

    
    beans:bean id="myRememberMeAuthenticationFilter" class=
            "org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
        beans:constructor-arg name="rememberMeServices" ref="myRememberMeServices"/>
        beans:constructor-arg name="authenticationManager" ref="authenticationManager" />
    beans:bean>

    
    beans:bean id="myRememberMeServices" class=
            "org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
        beans:constructor-arg name="key" value="xxxxxxxx"/>
        beans:constructor-arg name="userDetailsService" ref="myUserDetailService"/>
        beans:constructor-arg name="tokenRepository" ref="myPersistentTokenRepository"/>
        beans:property name="tokenValiditySeconds" value="86400"/>
    beans:bean>
    
    beans:bean id="myPersistentTokenRepository" class="org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl">
        beans:property name="dataSource" ref="dataSource"/>
    beans:bean>

 

2、

添加你的RememberMeServices实现UsernamePasswordAuthenticationFilter.setRememberMeServices()的属性

包括RememberMeAuthenticationProviderAuthenticationManager.setProviders()中的列表,

并添加RememberMeAuthenticationFilter到你的FilterChainProxy(一般在你的UsernamePasswordAuthenticationFilter之后)

详细如下:

    http auto-config="false" use-expressions="true" entry-point-ref="myLoginUrlAuthenticationEntryPoint">
        intercept-url pattern="/**" access="authenticated"/>

        custom-filter ref="loginAuthenticationFilter" position="FORM_LOGIN_FILTER"/>

        custom-filter  ref="myRememberMeAuthenticationFilter" position="REMEMBER_ME_FILTER"/>

        
        logout logout-url="/logout"
                logout-success-url="/login"
                invalidate-session="true"
                delete-cookies="JSESSIONID"/>

        
        session-management invalid-session-url="/login">
            concurrency-control max-sessions="1"/>
        session-management>

        csrf disabled="true" />

    http>
    
    beans:bean id="loginAuthenticationFilter"
                class="com.example.demo.web.security.MyUsernamePasswordAuthenticationFilter">
        beans:property name="usernameParameter" value="name"/>             
        beans:property name="passwordParameter" value="pass"/>             
        beans:property name="filterProcessesUrl" value="/signin"/>    
        beans:property name="authenticationSuccessHandler" ref="myAuthenticationSuccessHandler"/>
        beans:property name="authenticationFailureHandler" ref="myAuthenticationFailureHandler"/>
        beans:property name="authenticationManager" ref="authenticationManager"/>
        beans:property name="rememberMeServices" ref="myRememberMeServices"/>
    beans:bean>

    
    authentication-manager alias="authenticationManager">
        authentication-provider ref="myDaoAuthenticationProvider"/>
        authentication-provider ref="myRememberMeAuthenticationProvider"/>
    authentication-manager>

 

spring security之Remember Me

标签:inter   struct   tail   pattern   osi   handler   退出   out   for   

原文地址:https://www.cnblogs.com/amunamuna/p/9636360.html


评论


亲,登录后才可以留言!