- 浏览: 194082 次
- 性别:
- 来自: 南京
文章分类
最新评论
前言:
本篇文章简单介绍spring-security给我们提供的remember me功能的使用方法,参数名、配置方式采用spring默认配置,后续章节进一步探讨时会详细说明自定义的方式。
环境:
spring boot 版本:1.5.4.RELEASE
1.项目结构
application.yml文件是放在src/main/resources/目录下
2.配置类SecurityConfig.java
为了简单,这个示例中禁止了csrf检查,利用基于memory的认证
2.启动类RemeberMeApp.java
3.项目的pom.xml
4.登录页面login.html
设置了一个名称为remember-me 的checkbox,因为采用spring 默认配置,此处名字必须叫这个
5.登录成功后默认的欢迎页index.html
6.项目配置文件application.yml
因为spring 内嵌tomcat的session的默认存活时间是30分钟,这里为了更好的验证remember me功能,我们把session的存活时间改成了2分钟
7.启动项目
选中启动类,选择 Run As -> Java application,正常启动后,在浏览器中输入
http://localhost:8080/login.html,正常情况下,将进入如下界面
输入用户名:user,密码:password,选中Remember me,点击login,之后我们会被重定向到欢迎页
之后让我们等待超过两分钟等着session过期,重新刷新界面,会发现我们仍然处于login状态,如果我们在之前的login界面没有选中remember me,在这个页面等待超过两分钟刷新后我们将被重新定向到login页面,要求我们重新登录
默认情况下,spring默认采用的是TokenBasedRememberMeServices,在这个类的onLoginSuccess方法中可以明确看出默认的记住时长是TWO_WEEKS_S(两周)
下载源码
本篇文章简单介绍spring-security给我们提供的remember me功能的使用方法,参数名、配置方式采用spring默认配置,后续章节进一步探讨时会详细说明自定义的方式。
环境:
spring boot 版本:1.5.4.RELEASE
1.项目结构
application.yml文件是放在src/main/resources/目录下
2.配置类SecurityConfig.java
/** * */ package nariis.chengf.security.samples.javaconfig.remeberme; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; /** * @author: 作者: chengaofeng * @date: 创建时间:2018-01-16 19:32:47 * @Description: TODO * @version V1.0 */ @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired public void auth(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication().withUser("user").password("password").authorities("ROLE_USER"); } @Override protected void configure(HttpSecurity http) throws Exception { http .csrf() .disable() .authorizeRequests() .anyRequest().authenticated() .and() .formLogin() .loginPage("/login.html") .permitAll() .and() .rememberMe() .and() .logout() .logoutSuccessUrl("/login.html"); } }
为了简单,这个示例中禁止了csrf检查,利用基于memory的认证
2.启动类RemeberMeApp.java
package nariis.chengf.security.samples.javaconfig.remeberme; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; /** * Hello world! * */ @SpringBootApplication public class RemeberMeApp { public static void main( String[] args ) { SpringApplication.run(RemeberMeApp.class, args); } }
3.项目的pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>nariis.chengf</groupId> <artifactId>security-samples-javaconfig-remeberme</artifactId> <version>0.0.1-SNAPSHOT</version> <packaging>jar</packaging> <name>security-samples-javaconfig-remeberme</name> <url>http://maven.apache.org</url> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> </properties> <dependencyManagement> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>1.5.4.RELEASE</version> <type>pom</type> <scope>import</scope> </dependency> </dependencies> </dependencyManagement> <dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> <executions> <execution> <goals> <goal>repackage</goal> </goals> </execution> </executions> <configuration> <mainClass>${start-class}</mainClass> </configuration> </plugin> </plugins> </build> </project>
4.登录页面login.html
<html xmlns:th="http://www.thymeleaf.org"> <head th:include="layout :: head(title=~{::title},links=~{})"> <title>Please Login</title> </head> <body th:include="layout :: body" th:with="content=~{::content}"> <div th:fragment="content"> <form name="f" th:action="@{/login}" method="post"> <fieldset> <legend>Please Login</legend> <div th:if="${param.error}" class="alert alert-error">Invalid username and password.</div> <div th:if="${param.logout}" class="alert alert-success">You have been logged out.</div> <label for="username">Username</label> <input type="text" id="username" name="username" /> <label for="password">Password</label> <input type="password" id="password" name="password" /> <label for="remember-me">Remember Me?</label> <input type="checkbox" id="remember-me" name="remember-me" /> <div class="form-actions"> <button type="submit" class="btn">Log in</button> </div> </fieldset> </form> </div> </body> </html>
设置了一个名称为remember-me 的checkbox,因为采用spring 默认配置,此处名字必须叫这个
5.登录成功后默认的欢迎页index.html
<!DOCTYPE html> <html> <head> <title>Static</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> </head> <body> hello! wait for 2 minutes and refresh the browser,you will still be here. </body> </html>
6.项目配置文件application.yml
server: session: timeout: 120
因为spring 内嵌tomcat的session的默认存活时间是30分钟,这里为了更好的验证remember me功能,我们把session的存活时间改成了2分钟
7.启动项目
选中启动类,选择 Run As -> Java application,正常启动后,在浏览器中输入
http://localhost:8080/login.html,正常情况下,将进入如下界面
输入用户名:user,密码:password,选中Remember me,点击login,之后我们会被重定向到欢迎页
之后让我们等待超过两分钟等着session过期,重新刷新界面,会发现我们仍然处于login状态,如果我们在之前的login界面没有选中remember me,在这个页面等待超过两分钟刷新后我们将被重新定向到login页面,要求我们重新登录
默认情况下,spring默认采用的是TokenBasedRememberMeServices,在这个类的onLoginSuccess方法中可以明确看出默认的记住时长是TWO_WEEKS_S(两周)
下载源码
发表评论
-
spring-security(二十五)鉴权
2018-03-27 11:21 1601前言 本文将详细探讨spring security中的鉴权 ... -
test
2018-03-19 21:20 0什么是服务发现 ... -
spring-security(二十四)CSRF
2018-03-24 09:54 81641.什么是CSRF攻击 下面我们以一个具体的例子来说明这种常见 ... -
spring-security(二十三)Remember-Me认证
2018-03-09 21:06 1340前言: Remember-me认证方式指的是能在不同的会话 ... -
spring-security(二十二)基本认证和摘要认证
2018-03-06 16:58 1804前言: 在web应用中,非常流行以基本认证和摘要认证作为备 ... -
spring-security(二十一)核心Filter-UsernamePasswordAuthenticationFilter
2018-03-04 11:05 1241一、UsernamePasswordAuthenticatio ... -
spring-security(二十)核心Filter-SecurityContextPersistenceFilter
2018-02-28 21:40 1132一、SecurityContextPersistenceFil ... -
spring-security(十九)核心Filter-ExceptionTranslationFilter
2018-02-27 16:31 2064前言: 在spring的安全 ... -
spring-security(十八)核心Filter-FilterSecurityInterceptor
2018-02-25 10:59 2350前言: 当用spring secur ... -
spring-security(二十六)整合CAS 实现SSO
2018-04-05 18:09 12461.cas 认证流程 2.spring security ... -
spring-security(十七)Filter顺序及简介
2018-02-22 18:16 7903前言: spring security在 ... -
spring-security(十六)Filter配置原理
2018-02-21 15:18 2387前言: spring security最常见的应用场景还是 ... -
spring-security(十五) Password编码
2018-02-19 15:15 1228前言: 在实际应用中 ... -
spring-security(十四)UserDetailsService
2018-02-19 11:35 1476前言: 作为spring security的核心类,大多数 ... -
spring-security(十三)核心服务类
2018-02-18 16:46 1418前言: 在之前的篇章中我们已经讲述了spring secu ... -
spring-security(十二)鉴权方式概述
2018-02-18 10:42 2527前言: 本文主要讲述在spring security鉴权的 ... -
spring-security(十一)Web应用认证过程
2018-02-17 17:17 1238前言: 本文将探讨当 ... -
spring-security(十)基本认证过程
2018-02-17 13:55 2108前言: 在spring security中认证具体指的是什 ... -
spring-security(九)-核心组件
2018-02-17 10:46 869前言: 本文主要介绍在spring security中的几 ... -
spring-security(八)java config-sample之cas client
2018-02-16 11:26 2071前言: SSO英文全称Single Sign On,单点登 ...
相关推荐
赠送jar包:spring-security-config-5.0.7.RELEASE.jar; 赠送原API文档:spring-security-config-5.0.7.RELEASE-javadoc.jar; 赠送源代码:spring-security-config-5.0.7.RELEASE-sources.jar; 赠送Maven依赖信息...
赠送jar包:spring-security-config-5.5.2.jar; 赠送原API文档:spring-security-config-5.5.2-javadoc.jar; 赠送源代码:spring-security-config-5.5.2-sources.jar; 赠送Maven依赖信息文件:spring-security-...
赠送jar包:spring-security-config-5.3.9.RELEASE.jar; 赠送原API文档:spring-security-config-5.3.9.RELEASE-javadoc.jar; 赠送源代码:spring-security-config-5.3.9.RELEASE-sources.jar; 赠送Maven依赖信息...
赠送jar包:spring-security-config-5.2.0.RELEASE.jar; 赠送原API文档:spring-security-config-5.2.0.RELEASE-javadoc.jar; 赠送源代码:spring-security-config-5.2.0.RELEASE-sources.jar; 赠送Maven依赖信息...
赠送jar包:spring-security-config-5.6.1.jar; 赠送原API文档:spring-security-config-5.6.1-javadoc.jar; 赠送源代码:spring-security-config-5.6.1-sources.jar; 赠送Maven依赖信息文件:spring-security-...
赠送jar包:spring-security-config-4.2.8.RELEASE.jar; 赠送原API文档:spring-security-config-4.2.8.RELEASE-javadoc.jar; 赠送源代码:spring-security-config-4.2.8.RELEASE-sources.jar; 包含翻译后的...
赠送jar包:spring-security-crypto-5.6.1.jar; 赠送原API文档:spring-security-crypto-5.6.1-javadoc.jar; 赠送源代码:spring-security-crypto-5.6.1-sources.jar; 赠送Maven依赖信息文件:spring-security-...
赠送jar包:spring-security-crypto-5.5.2.jar; 赠送原API文档:spring-security-crypto-5.5.2-javadoc.jar; 赠送源代码:spring-security-crypto-5.5.2-sources.jar; 赠送Maven依赖信息文件:spring-security-...
赠送jar包:spring-security-oauth2-2.3.5.RELEASE.jar; 赠送原API文档:spring-security-oauth2-2.3.5.RELEASE-javadoc.jar; 赠送源代码:spring-security-oauth2-2.3.5.RELEASE-sources.jar; 赠送Maven依赖信息...
赠送jar包:spring-security-core-5.3.9.RELEASE.jar; 赠送原API文档:spring-security-core-5.3.9.RELEASE-javadoc.jar; 赠送源代码:spring-security-core-5.3.9.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
赠送jar包:spring-security-jwt-1.0.10.RELEASE.jar; 赠送原API文档:spring-security-jwt-1.0.10.RELEASE-javadoc.jar; 赠送源代码:spring-security-jwt-1.0.10.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
赠送jar包:spring-security-rsa-1.0.10.RELEASE.jar; 赠送原API文档:spring-security-rsa-1.0.10.RELEASE-javadoc.jar; 赠送源代码:spring-security-rsa-1.0.10.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
赠送jar包:spring-security-core-5.2.0.RELEASE.jar; 赠送原API文档:spring-security-core-5.2.0.RELEASE-javadoc.jar; 赠送源代码:spring-security-core-5.2.0.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
赠送jar包:spring-security-config-5.0.7.RELEASE.jar; 赠送原API文档:spring-security-config-5.0.7.RELEASE-javadoc.jar; 赠送源代码:spring-security-config-5.0.7.RELEASE-sources.jar; 赠送Maven依赖信息...
赠送jar包:spring-security-config-5.6.1.jar; 赠送原API文档:spring-security-config-5.6.1-javadoc.jar; 赠送源代码:spring-security-config-5.6.1-sources.jar; 赠送Maven依赖信息文件:spring-security-...
赠送jar包:spring-security-core-5.5.2.jar; 赠送原API文档:spring-security-core-5.5.2-javadoc.jar; 赠送源代码:spring-security-core-5.5.2-sources.jar; 赠送Maven依赖信息文件:spring-security-core-...
赠送jar包:spring-security-core-5.0.7.RELEASE.jar; 赠送原API文档:spring-security-core-5.0.7.RELEASE-javadoc.jar; 赠送源代码:spring-security-core-5.0.7.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
赠送jar包:spring-security-web-5.2.0.RELEASE.jar; 赠送原API文档:spring-security-web-5.2.0.RELEASE-javadoc.jar; 赠送源代码:spring-security-web-5.2.0.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
赠送jar包:spring-security-oauth2-2.3.5.RELEASE.jar; 赠送原API文档:spring-security-oauth2-2.3.5.RELEASE-javadoc.jar; 赠送源代码:spring-security-oauth2-2.3.5.RELEASE-sources.jar; 赠送Maven依赖信息...
10. **spring-security-config-3.1.2.RELEASE.jar**:提供了基于XML或Java的配置方式,用于定义安全规则和策略,如定义访问控制列表,自定义过滤器链等。 通过以上这些jar包,我们可以深入研究Spring Security Web...