sle*_*men 1 spring-security spring-boot
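I successfully implemented remember-me with Spring Boot Security. The data is stored in my table persistent_logins(username,series,token,last_used), and I can find it in the browser's cookies. My problem is that when I delete the JSESSIONID from the browser and refresh, the browser redirects to the login page instead of staying on the same page:

Here is my SecurityConfigWeb.java: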

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/sentEmail").permitAll();
        http.authorizeRequests().antMatchers("/contactUs").permitAll();
        http.authorizeRequests().antMatchers("/reset").permitAll();
        http.authorizeRequests().antMatchers(Constants.PATTERN1).permitAll();
        http.authorizeRequests().antMatchers(Constants.PATHPATTERN2).permitAll();
        http.authorizeRequests().antMatchers(Constants.PATHPATTERN3).permitAll().and().rememberMe().rememberMeServices(rememberMeServices());
        http.authorizeRequests().anyRequest().authenticated().and().formLogin().loginPage(Constants.URL_PATH).successHandler(this.authSuccess).failureHandler(this.authFailure).permitAll();
        http.authorizeRequests().anyRequest().authenticated().and().logout().logoutSuccessHandler(this.logoutSuccess).deleteCookies("JSESSIONID").invalidateHttpSession(false).permitAll();
        http.csrf().disable();
    }

    @Bean
    public BCrypt bCryptPasswordEncoder() {
        return new BCrypt();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
    }

    @Bean
    public AbstractRememberMeServices rememberMeServices() {
        PersistentTokenBasedRememberMeServices rememberMeServices =
                new PersistentTokenBasedRememberMeServices("AppKey", userDetailsService(), persistentTokenRepository());
        rememberMeServices.setParameter("rememberMe");
        rememberMeServices.setAlwaysRemember(true);
        rememberMeServices.setCookieName("javasampleapproach-remember-me");
        rememberMeServices.setTokenValiditySeconds(24 * 60 * 60);
        return rememberMeServices;
    }

    @Bean
    public PersistentTokenRepository persistentTokenRepository() {
        JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
        tokenRepository.setDataSource(dataSource);
        return tokenRepository;
    }

Here is my login.html for remember-me:

    <div class="checkboxDiv">
        <input type="checkbox" name="remember-me" value="true"> <label class="check" for="checkbox">Stay Logged In</label>
    </div>

Any help? Thanks in advance.
The problem is that you configure security in multiple statements instead of using the fluent API.

    http.authorizeRequests().antMatchers(Constants.PATHPATTERN3).permitAll().and().rememberMe().rememberMeServices(rememberMeServices());

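With this line you activate the remember-me feature, but only for Constants.PATHPATTERN3. So if you want to activate remember-me for all endpoints, your security configuration should look like this.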

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/sentEmail", "/contactUs", "/reset", Constants.PATTERN1, Constants.PATHPATTERN2, Constants.PATHPATTERN3).permitAll()
                .anyRequest().authenticated()
            .and()
            .logout()
                .logoutSuccessHandler(this.logoutSuccess).permitAll()
            .and()
            .formLogin()
                .loginPage(Constants.URL_PATH)
                .successHandler(this.authSuccess)
                .failureHandler(this.authFailure).permitAll()
            .and()
            .rememberMe()
                .tokenRepository(persistentTokenRepository())
                .key("AppKey")
                .alwaysRemember(true)
                .rememberMeParameter("rememberMe")
                .rememberMeCookieName("javasampleapproach-remember-me")
                .tokenValiditySeconds(24 * 60 * 60)
            .and()
            .csrf().disable();
    }

    @Bean
    public PersistentTokenRepository persistentTokenRepository() {
        JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
        tokenRepository.setDataSource(dataSource);
        return tokenRepository;
    }

This way you configure everything in one go.
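
Added example, not part of the original question or answer: a MockMvc regression check for the behaviour the question describes, which logs in and then repeats a request carrying only the remember-me cookie and no session. It assumes Spring Boot 2.x (javax.servlet) with JUnit 5 and spring-security-test on the test classpath and a test database that contains the persistent_logins table; the login URL, protected URL and credentials are hypothetical placeholders.

```java
// Added example (not the poster's code). Constants marked "hypothetical" must be adapted.
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.cookie;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import javax.servlet.http.Cookie;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.servlet.MockMvc;

@SpringBootTest
@AutoConfigureMockMvc
class RememberMeWithoutSessionTest {
    private static final String LOGIN_URL = "/login";         // hypothetical, stands in for Constants.URL_PATH
    private static final String PROTECTED_URL = "/dashboard"; // hypothetical URL behind anyRequest().authenticated()
    private static final String USER = "alice";               // hypothetical user known to userDetailsService
    private static final String PASSWORD = "test-password";   // hypothetical
    private static final String REMEMBER_ME_COOKIE = "javasampleapproach-remember-me"; // from the page's config

    @Autowired
    private MockMvc mockMvc;

    @Test
    void rememberMeCookieAloneReauthenticates() throws Exception {
        // 1. Log in; with alwaysRemember(true) the cookie is issued without any checkbox parameter.
        Cookie rememberMe = mockMvc.perform(formLogin(LOGIN_URL).user(USER).password(PASSWORD))
                .andExpect(authenticated())
                .andExpect(cookie().exists(REMEMBER_ME_COOKIE))
                .andReturn().getResponse().getCookie(REMEMBER_ME_COOKIE);

        // 2. Fresh request with no session (same as deleting JSESSIONID), only the remember-me cookie.
        mockMvc.perform(get(PROTECTED_URL).cookie(rememberMe))
                .andExpect(status().isOk())
                .andExpect(authenticated().withUsername(USER));

        // 3. Control: with neither session nor cookie the request is redirected to the login page.
        mockMvc.perform(get(PROTECTED_URL))
                .andExpect(status().is3xxRedirection());
    }
}
```

If step 2 returns a redirect instead of 200, the remember-me cookie is being issued at login but not accepted on later requests, which is the symptom reported in the question.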