-
SpringSecurity的remember-me(记住我,记住密码,免登陆)功能无效5
我用的是版本是3.0.5版本authentication-manager标签里没有erase-credentials="false"的属性,下面上配置文件请大神们指点。<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <!-- 访问被拒绝时跳转到403界面 --> <!-- 在http标签中配置 use-expressions="true" 支持sec:authorize权限控制后在所有非java文件的地方都要使用hasRole('') --> <http entry-point-ref="authenticationProcessingFilterEntryPoint" auto-config="false" access-denied-page="/403.jsp"> <!-- 放行页面 --> <intercept-url pattern="/*.css" filters="none" /> <intercept-url pattern="/error.jsp" filters="none" /> <intercept-url pattern="/captcha.jsp" filters="none" /> <intercept-url pattern="/logout.jsp" filters="none"/> <!-- 自定义登录页面 任何人都可以访问,此属性为只有https才可以访问 requires-channel="https" --> <intercept-url pattern="/index*.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" requires-channel="any" /> <intercept-url pattern="/**" access="isAuthenticated()" /> <!-- 访问全部要有ROLE_JIANGYUAN或者ROLE_USER权限 --> <intercept-url pattern="/*role_admin.jsp" access="ROLE_ADMIN" /> <intercept-url pattern="/**" access="ROLE_USER" /> <!-- ROLE_ADMIN和ROLE_USER都不是管理员权限 --> <!-- 安全退出后的页面 --> <logout logout-success-url="/logout.jsp" invalidate-session="true" /> <!-- 两周内记住我 token-validity-seconds="300" key="springRocks" services-ref="rememberMeServices" --> <remember-me data-source-ref="dataSource" /> <!-- session管理过滤器 --> <custom-filter ref="concurrencyFilter" position="CONCURRENT_SESSION_FILTER" /> <!-- 登录过滤器 --> <custom-filter ref="loginFilter" position="FORM_LOGIN_FILTER" /> <!-- 免登陆过滤器 <custom-filter ref="rememberMeFilter" position="REMEMBER_ME_FILTER"/> --> <!-- 防止session固话攻击 --> <session-management session-fixation-protection="none" session-authentication-error-url="/time_out.jsp" invalid-session-url="/time_out.jsp" /> <!-- session相关管理 --> <session-management session-authentication-strategy-ref="sas" /> </http> <!-- 启用jsr250的注解 --> <global-method-security jsr250-annotations="enabled" /> <!-- session管理过滤器 --> <beans:bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter"> <beans:property name="sessionRegistry" ref="sessionRegistry" /> <beans:property name="expiredUrl" value="/session-expired.htm" /> </beans:bean> <!-- session管理相关注入 --> <beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy"> <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" /> <!-- true限制不允许第二个用户登录,false第二个登陆用户踢掉前一个登陆用户 --> <beans:property name="exceptionIfMaximumExceeded" value="false" /> <!-- 当前用户最大连接数 --> <beans:property name="maximumSessions" value="1" /> <!-- 防止session攻击 --> <!-- 每次都创建一个新的session --> <beans:property name="alwaysCreateSession" value="true"/> <!-- 不迁移session数据 --> <beans:property name="migrateSessionAttributes" value="false" /> </beans:bean> <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" /> <!-- session管理相关注入结束 --> <!-- 自定义登录过滤 --> <beans:bean id="loginFilter" class="filter.UsernamePasswordAuthenticationExtendFilter"> <!-- 认证器 --> <beans:property name="authenticationManager" ref="authenticationManager" /> <!-- 虚拟处理URL --> <beans:property name="filterProcessesUrl" value="/login"/> <!-- 用户名 --> <beans:property name="usernameParameter" value="username"/> <!-- 密码 --> <beans:property name="passwordParameter" value="password"/> <!-- 验证成功后的处理 --> <beans:property name="authenticationSuccessHandler" ref="loginLogAuthenticationSuccessHandler" /> <!-- 验证失败后的处理 --> <beans:property name="authenticationFailureHandler" ref="simpleUrlAuthenticationFailureHandler" /> <!-- session管理 --> <beans:property name="sessionAuthenticationStrategy" ref="sas" /> <!-- <beans:property name="rememberMeServices" ref="rememberMeServices"/> --> </beans:bean> <!-- 开始注入登录过滤器 --> <beans:bean id="loginLogAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"> <beans:property name="defaultTargetUrl" value="/welcome.jsp"/> </beans:bean> <beans:bean id="simpleUrlAuthenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> <!-- 可以配置相应的跳转方式。属性forwardToDestination为true采用forward false为sendRedirect --> <beans:property name="defaultFailureUrl" value="/index.jsp?error=true"/> </beans:bean> <!-- 注入登录过滤器结束 --> <!-- 免登陆过滤器 <beans:bean id="rememberMeFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter"> <beans:property name="rememberMeServices" ref="rememberMeServices"/> <beans:property name="authenticationManager" ref="authenticationManager"/> </beans:bean> <beans:bean id="rememberMeServices" class="filter.IPTokenBasedRememberMeServices"> <!-- 这个filter无论是自己重写的还是用Spring原声的 都不好使--> <beans:property name="userDetailsService" ref="myUserDetailService"/> <beans:property name="key" value="springRocks"/> <beans:property name="cookieName" value="springRocks"/> <beans:property name="parameter" value="_spring_security_remember_me"/> </beans:bean> --> <!-- <beans:bean id="rememberMeAuthenticationProvider" class="org.springframework.security.authentication.RememberMeAuthenticationProvider"> <beans:property name="key" value="springRocks"/> </beans:bean>--> <!-- 认证器 --> <authentication-manager alias="authenticationManager" > <authentication-provider user-service-ref="myUserDetailService" /> </authentication-manager> <!-- 开始注入认证过滤器 --> <beans:bean id="myUserDetailService" class="filter.MyUserDetailService" /> <!-- 未登录的切入点 --> <beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> <beans:property name="loginFormUrl" value="/index.jsp"/> </beans:bean> </beans:beans>2014年10月10日 09:33
添加评论
关注(0)
目前还没有答案
相关推荐
赠送jar包:spring-security-crypto-5.5.2.jar; 赠送原API文档:spring-security-crypto-5.5.2-javadoc.jar; 赠送源代码:spring-security-crypto-5.5.2-sources.jar; 赠送Maven依赖信息文件:spring-security-...
赠送jar包:spring-security-crypto-5.6.1.jar; 赠送原API文档:spring-security-crypto-5.6.1-javadoc.jar; 赠送源代码:spring-security-crypto-5.6.1-sources.jar; 赠送Maven依赖信息文件:spring-security-...
赠送jar包:spring-security-core-5.2.0.RELEASE.jar; 赠送原API文档:spring-security-core-5.2.0.RELEASE-javadoc.jar; 赠送源代码:spring-security-core-5.2.0.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
赠送jar包:spring-security-core-5.3.9.RELEASE.jar; 赠送原API文档:spring-security-core-5.3.9.RELEASE-javadoc.jar; 赠送源代码:spring-security-core-5.3.9.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
在3.0.x版本中,"remember-me"功能是Spring Security提供的一种便捷方式,允许用户在关闭浏览器后仍能在一段时间内保持登录状态,无需每次访问时都输入用户名和密码。这个特性通过在用户的cookie中存储一个持久化的...
赠送jar包:spring-security-oauth2-2.3.5.RELEASE.jar; 赠送原API文档:spring-security-oauth2-2.3.5.RELEASE-javadoc.jar; 赠送源代码:spring-security-oauth2-2.3.5.RELEASE-sources.jar; 赠送Maven依赖信息...
赠送jar包:spring-security-jwt-1.0.10.RELEASE.jar; 赠送原API文档:spring-security-jwt-1.0.10.RELEASE-javadoc.jar; 赠送源代码:spring-security-jwt-1.0.10.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
赠送jar包:spring-security-rsa-1.0.10.RELEASE.jar; 赠送原API文档:spring-security-rsa-1.0.10.RELEASE-javadoc.jar; 赠送源代码:spring-security-rsa-1.0.10.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
赠送jar包:spring-security-core-5.5.2.jar; 赠送原API文档:spring-security-core-5.5.2-javadoc.jar; 赠送源代码:spring-security-core-5.5.2-sources.jar; 赠送Maven依赖信息文件:spring-security-core-...
赠送jar包:spring-security-core-5.0.7.RELEASE.jar; 赠送原API文档:spring-security-core-5.0.7.RELEASE-javadoc.jar; 赠送源代码:spring-security-core-5.0.7.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
6. **spring-security-core-3.1.2.RELEASE.jar**:Spring Security的核心模块,包含了安全抽象,如权限表达式,访问决策管理器,以及认证和授权的基础设施。 7. **spring-aop-3.1.2.RELEASE.jar**:Spring的面向切...
spring-boot-security-saml, Spring Security saml与 Spring Boot的集成 spring-boot-security-saml这个项目在处理 spring-security-saml 和 Spring Boot 之间的平滑集成的同时,在处理内部的配置的gritty和锅炉板的...
赠送jar包:spring-security-oauth2-2.3.5.RELEASE.jar; 赠送原API文档:spring-security-oauth2-2.3.5.RELEASE-javadoc.jar; 赠送源代码:spring-security-oauth2-2.3.5.RELEASE-sources.jar; 赠送Maven依赖信息...
赠送jar包:spring-security-web-5.6.1.jar; 赠送原API文档:spring-security-web-5.6.1-javadoc.jar; 赠送源代码:spring-security-web-5.6.1-sources.jar; 赠送Maven依赖信息文件:spring-security-web-5.6.1....
赠送jar包:spring-security-core-5.6.1.jar; 赠送原API文档:spring-security-core-5.6.1-javadoc.jar; 赠送源代码:spring-security-core-5.6.1-sources.jar; 赠送Maven依赖信息文件:spring-security-core-...
赠送jar包:spring-security-core-5.5.2.jar; 赠送原API文档:spring-security-core-5.5.2-javadoc.jar; 赠送源代码:spring-security-core-5.5.2-sources.jar; 赠送Maven依赖信息文件:spring-security-core-...
赠送jar包:spring-security-jwt-1.0.10.RELEASE.jar; 赠送原API文档:spring-security-jwt-1.0.10.RELEASE-javadoc.jar; 赠送源代码:spring-security-jwt-1.0.10.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
赠送jar包:spring-security-config-5.0.7.RELEASE.jar; 赠送原API文档:spring-security-config-5.0.7.RELEASE-javadoc.jar; 赠送源代码:spring-security-config-5.0.7.RELEASE-sources.jar; 赠送Maven依赖信息...
赠送jar包:spring-security-web-5.2.0.RELEASE.jar; 赠送原API文档:spring-security-web-5.2.0.RELEASE-javadoc.jar; 赠送源代码:spring-security-web-5.2.0.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
赠送jar包:spring-security-core-5.6.1.jar; 赠送原API文档:spring-security-core-5.6.1-javadoc.jar; 赠送源代码:spring-security-core-5.6.1-sources.jar; 赠送Maven依赖信息文件:spring-security-core-...