<http auto-config="true" use-expressions="true">
<intercept-url pattern="/css/**" access="permitAll"/>
<intercept-url pattern="/fonts/**" access="permitAll"/>
<intercept-url pattern="/js/**" access="permitAll"/>
<intercept-url pattern="/signup.html*" access="permitAll"/>
<intercept-url pattern="/login.html*" access="permitAll"/>
<intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
<remember-me services-ref="enhancedTokenRememberMeServices"/>
<form-login login-page="/login.html" default-target-url="/home.html" login-processing-url="/login"
username-parameter="username" password-parameter="password"/>
<logout invalidate-session="true" logout-url="/logout" logout-success-url="/"/>
</http>
-
自定义remember me service
<beans:bean id="enhancedPersistentTokenBasedRememberMeServices" class="com.aasonwu.mycompany.EnhancedPersistentTokenBasedRememberMeServices">
<beans:constructor-arg type="java.lang.String"
value="BoSk70Yar38~veg91DoCKs=sLaIn!metE55bURgs71rug;ILEa=Ikon79sept+ree$Fuel99baKER;wOe43JackS=TinS79babA73tiLmibs10bIsE*"/>
<beans:constructor-arg type="org.springframework.security.core.userdetails.UserDetailsService"
ref="userDao"/>
<beans:constructor-arg type="org.springframework.security.web.authentication.rememberme.PersistentTokenRepository"
ref="jdbcTokenRepository" />
<beans:property name="cookieName" value="MYCOMPANY_REMEMBER_ME"/>
<beans:property name="parameter" value="remember_me"/>
</beans:bean>
-
运行时遇到出错
org.springframework.security.authentication.BadCredentialsException: The presented RememberMeAuthenticationToken does not contain the expected key
at org.springframework.security.authentication.RememberMeAuthenticationProvider.authenticate(RememberMeAuthenticationProvider.java:64) ~[RememberMeAuthenticationProvider.class:3.2.2.RELEASE]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156) ~[ProviderManager.class:3.2.2.RELEASE]
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:102) ~[RememberMeAuthenticationFilter.class:3.2.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) [SecurityContextHolderAwareRequestFilter.class:3.2.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) [RequestCacheAwareFilter.class:3.2.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150) [BasicAuthenticationFilter.class:3.2.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) [AbstractAuthenticationProcessingFilter.class:3.2.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) [LogoutFilter.class:3.2.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) [WebAsyncManagerIntegrationFilter.class:3.2.2.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:108) [OncePerRequestFilter.class:4.0.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) [SecurityContextPersistenceFilter.class:3.2.2.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [FilterChainProxy$VirtualFilterChain.class:3.2.2.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) [FilterChainProxy.class:3.2.2.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) [FilterChainProxy.class:3.2.2.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) [DelegatingFilterProxy.class:4.0.2.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261) [DelegatingFilterProxy.class:4.0.2.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:8.0.0-RC10]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:8.0.0-RC10]
at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129) [SiteMeshFilter.class:na]
at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77) [SiteMeshFilter.class:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:8.0.0-RC10]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:8.0.0-RC10]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:221) [catalina.jar:8.0.0-RC10]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:107) [catalina.jar:8.0.0-RC10]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504) [catalina.jar:8.0.0-RC10]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [catalina.jar:8.0.0-RC10]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:76) [catalina.jar:8.0.0-RC10]
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:934) [catalina.jar:8.0.0-RC10]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:90) [catalina.jar:8.0.0-RC10]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522) [catalina.jar:8.0.0-RC10]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1015) [tomcat-coyote.jar:8.0.0-RC10]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:646) [tomcat-coyote.jar:8.0.0-RC10]
at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:277) [tomcat-coyote.jar:8.0.0-RC10]
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2451) [tomcat-coyote.jar:8.0.0-RC10]
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2440) [tomcat-coyote.jar:8.0.0-RC10]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_51]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_51]
at java.lang.Thread.run(Thread.java:744) [na:1.7.0_51]
60123 [http-apr-8080-exec-1] DEBUG c.a.m.EnhancedTokenRememberMeServices - Interactive login attempt was unsuccessful.
60123 [http-apr-8080-exec-1] DEBUG c.a.m.EnhancedTokenRememberMeServices - Cancelling cookie
-
解决问题方案。在remember-me 标签上添加key属性,与remember-me bean中的key相同,即可
<remember-me services-ref="enhancedTokenRememberMeServices"
key="BoSk70Yar38~veg91DoCKs=sLaIn!metE55bURgs71rug;ILEa=Ikon79sept+ree$Fuel99baKER;wOe43JackS=TinS79babA73tiLmibs10bIsE*"/>
分享到:
相关推荐
springsecurity中使用MD5编码所需要的JAR包,包括org.springframework.security.authentication.encoding.Md5PasswordEncoder
<groupId>org.springframework.boot <artifactId>spring-boot-starter-security ``` 这样,SpringBoot会自动配置一部分SpringSecurity的基础功能,包括默认的登录页面、HTTP基本认证等。 接下来,Spring...
在`org.springframework.security.authentication`包下,有多种认证机制,如UsernamePasswordAuthenticationToken、RememberMeAuthenticationToken等。这些类用于封装用户提供的认证信息,并通过...
- `org.springframework.ldap.authentication`:处理LDAP身份验证的逻辑。 - `org.springframework.ldap.control`:控制LDAP会话的类。 - `org.springframework.ldap.filter`:用于构建和操作LDAP过滤器的类。 - `...
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; @Configuration @EnableWebSecurity public class SecurityConfig extends ...
根据提供的文件信息,可以推断这是一本关于Spring Security的专业书籍,书名为《Pro+Spring+Security》,主要面向Java开发者。该书深入探讨了Spring Security框架,涵盖了从基础的安全概念到高级的安全策略实施。接...
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core...
- **org.springframework.ldap.authentication**:关注于 LDAP 认证相关的类和接口。 - **org.springframework.ldap.control**:包含了对 LDAP 控制的处理。 - **org.springframework.ldap.filter**:这个子包负责...
http://www.springframework.org/schema/security/spring-security-2.0.4.xsd"> ``` 2. **applicationContext-security.xml**: 定义 Spring Security 的配置。 ```xml <beans:beans xmlns=...
Spring Security是一个功能强大的、可高度定制的认证和访问控制框架,它是针对Java企业应用的安全需求提供的解决方案,尤其适用于Spring应用程序。本入门经典教程旨在为读者提供Spring Security的入门知识,帮助读者...
- `org.springframework.ldap.authentication`:认证相关类。 - `org.springframework.ldap.control`:控制 LDAP 操作的类。 - `org.springframework.ldap.filter`:LDAP 过滤器相关类。 - `org.springframework....
import org.springframework.security.authentication.InsufficientAuthenticationException; import org.springframework.security.core.Authentication; import java.util.Collection; public class ...
6. org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter UsernamePasswordAuthenticationFilter 负责认证操作,默认匹配 URL 为 /login 且必须为 POST 请求。 7. org.spring...
<groupId>org.springframework.security <artifactId>spring-security-web <version>3.2.0.RELEASE <groupId>org.springframework.security <artifactId>spring-security-config <version>3.2.0.RELEASE ...
Hands-On Spring Security 5 for Reactive Applications starts with the essential concepts of reactive programming, Spring Framework, and Spring Security. You will then learn about a variety of ...
- `org.springframework.ldap.authentication`:认证相关的类和接口。 - `org.springframework.ldap.control`:控制LDAP连接的类和接口。 - `org.springframework.ldap.filter`:用于构建LDAP查询过滤器。 - `org....
<bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> <bean id="userDetailsService" class="com.example.UserDetailsService"/> ...
6. `org.springframework.jdbc-3.0.5.RELEASE.jar`: 该包提供了与JDBC数据库访问的抽象层,Spring Security可以利用它来存储用户凭证和权限信息,例如使用JDBC Realm实现认证。 7. `org.springframework.core-3.0.5...
#authentication representing the Spring Security authentication object (an object implementing the org.springframework.security.core.Authentication interface). #authorization: a expression utility ...
<groupId>org.springframework.security <artifactId>spring-security-config <version>5.6.2 <groupId>org.springframework.security <artifactId>spring-security-web <version>5.6.2 <!-- 其他...