spring security之Remember Me
阿新 • • 發佈:2018-09-12
spring-security.xml配置
環境:
spring版本:5.0.7.RELEASE
spring-security.xml引入:
http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.2.xsd
1、添加以下remember-me服務需要的bean:
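<!-- Remember-me beans.
     The "key" value must be identical on myRememberMeAuthenticationProvider and
     myRememberMeServices: the services bean puts it into every RememberMeAuthenticationToken
     it creates, and the provider rejects tokens whose key does not match.
     "xxxxxxxx" is the article's placeholder. Use a long random value loaded from
     external configuration, and keep it out of version control. -->
<beans:bean id="myRememberMeAuthenticationProvider"
            class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
    <beans:constructor-arg name="key" value="xxxxxxxx"/>
</beans:bean>

<!-- Cannot coexist with a <remember-me> element inside <http>; otherwise startup fails
     with a "have the same 'order' value" error. -->
<beans:bean id="myRememberMeAuthenticationFilter"
            class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
    <beans:constructor-arg name="rememberMeServices" ref="myRememberMeServices"/>
    <!-- Fixed: the original read "constructor-argname" (missing space), which is not well-formed XML. -->
    <beans:constructor-arg name="authenticationManager" ref="authenticationManager"/>
</beans:bean>

<!-- RememberMeServices implementation backed by persistent tokens. -->
<beans:bean id="myRememberMeServices"
            class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
    <beans:constructor-arg name="key" value="xxxxxxxx"/>
    <beans:constructor-arg name="userDetailsService" ref="myUserDetailService"/>
    <beans:constructor-arg name="tokenRepository" ref="myPersistentTokenRepository"/>
    <!-- 86400 seconds = 1 day. Keep this as short as the use case allows: a stolen
         remember-me cookie stays usable until the token expires or is deleted. -->
    <beans:property name="tokenValiditySeconds" value="86400"/>
    <!-- NOTE(review): when the site is served over HTTPS, consider also setting the
         useSecureCookie property to true so the cookie is never sent over plain HTTP. -->
</beans:bean>

<!-- Persists tokens in the persistent_logins database table; the table has to exist
     in the schema behind dataSource. -->
<beans:bean id="myPersistentTokenRepository"
            class="org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl">
    <beans:property name="dataSource" ref="dataSource"/>
</beans:bean>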
2、將你的RememberMeServices實現設置到UsernamePasswordAuthenticationFilter.setRememberMeServices()屬性中,把RememberMeAuthenticationProvider加入AuthenticationManager.setProviders()的列表,並將RememberMeAuthenticationFilter添加到你的FilterChainProxy中(一般放在UsernamePasswordAuthenticationFilter之後)。
詳細如下:
<http auto-config="false"
      use-expressions="true"
      entry-point-ref="myLoginUrlAuthenticationEntryPoint">

    <!-- NOTE(review): "authenticated" is also satisfied by a remember-me login.
         Sensitive URLs (password change, payment, admin) should require
         isFullyAuthenticated() so that a replayed cookie alone is not enough. -->
    <intercept-url pattern="/**" access="authenticated"/>

    <custom-filter ref="loginAuthenticationFilter" position="FORM_LOGIN_FILTER"/>
    <custom-filter ref="myRememberMeAuthenticationFilter" position="REMEMBER_ME_FILTER"/>

    <!-- On logout, invalidate the session and delete the JSESSIONID cookie.
         Per the author, CookieClearingLogoutHandler's logout method is only triggered
         when logout-url is /logout.
         NOTE(review): myRememberMeServices is a standalone bean rather than a <remember-me>
         element, so it does not appear to be registered as a logout handler here, and only
         JSESSIONID is cleared. Verify that logging out also removes the remember-me cookie
         and the persistent_logins row. Otherwise the next request can be signed in again
         automatically. -->
    <logout logout-url="/logout"
            logout-success-url="/login"
            invalidate-session="true"
            delete-cookies="JSESSIONID"/>

    <!-- session-authentication-strategy-ref denotes the session authentication strategy
         (the attribute itself is not set here). -->
    <session-management invalid-session-url="/login">
        <concurrency-control max-sessions="1"/>
    </session-management>

    <!-- NOTE(review): CSRF protection is switched off. Combined with a long-lived
         remember-me cookie, a forged cross-site request is authenticated even after the
         session has expired. Re-enable it outside of a demo and send the token with the
         login and logout forms. -->
    <csrf disabled="true" />
</http>

<!-- Cannot coexist with <form-login>, because it does the same job as calling
     http.formLogin(); declaring both fails with "have the same 'order' value". -->
<beans:bean id="loginAuthenticationFilter"
            class="com.example.demo.web.security.MyUsernamePasswordAuthenticationFilter">
    <!-- Request parameter name carrying the username at login. -->
    <beans:property name="usernameParameter" value="name"/>
    <!-- Request parameter name carrying the password at login. -->
    <beans:property name="passwordParameter" value="pass"/>
    <!-- URL the login form is submitted to. -->
    <beans:property name="filterProcessesUrl" value="/signin"/>
    <beans:property name="authenticationSuccessHandler" ref="myAuthenticationSuccessHandler"/>
    <beans:property name="authenticationFailureHandler" ref="myAuthenticationFailureHandler"/>
    <beans:property name="authenticationManager" ref="authenticationManager"/>
    <!-- Lets a successful form login issue the remember-me token. -->
    <beans:property name="rememberMeServices" ref="myRememberMeServices"/>
</beans:bean>

<!-- Authentication configuration: the authentication manager is the entry point for user
     authentication; per the author, implementing the UserDetailsService interface is the
     main thing required.
     The remember-me provider must be listed here, otherwise tokens produced by
     myRememberMeAuthenticationFilter have no provider to validate them. -->
<authentication-manager alias="authenticationManager">
    <authentication-provider ref="myDaoAuthenticationProvider"/>
    <authentication-provider ref="myRememberMeAuthenticationProvider"/>
</authentication-manager>