我成功地使用 Spring Boot 安全性实现了记住我,并将数据存储在我的表 persistent_logins(username,series,token,last_used) 中,并在浏览器的 coockies 中找到它。我的问题是当我从浏览器中删除 Jsessionid 并刷新它时,浏览器重定向到登录页面并且不在同一页面中:
这是我的 SecurityConfigWeb.java:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/sentEmail").permitAll();
http.authorizeRequests().antMatchers("/contactUs").permitAll();
http.authorizeRequests().antMatchers("/reset").permitAll();
http.authorizeRequests().antMatchers(Constants.PATTERN1).permitAll();
http.authorizeRequests().antMatchers(Constants.PATHPATTERN2).permitAll();
http.authorizeRequests().antMatchers(Constants.PATHPATTERN3).permitAll().and().rememberMe().rememberMeServices(rememberMeServices());
http.authorizeRequests().anyRequest().authenticated().and().formLogin().loginPage(Constants.URL_PATH).successHandler(this.authSuccess).failureHandler(this.authFailure).permitAll();
http.authorizeRequests().anyRequest().authenticated().and().logout().logoutSuccessHandler(this.logoutSuccess).deleteCookies("JSESSIONID").invalidateHttpSession(false).permitAll();
http.csrf().disable();}
@Bean
public BCrypt bCryptPasswordEncoder() {
return new BCrypt();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
}
@Bean
public AbstractRememberMeServices rememberMeServices() {
PersistentTokenBasedRememberMeServices rememberMeServices =
new PersistentTokenBasedRememberMeServices("AppKey",userDetailsService(),persistentTokenRepository());
rememberMeServices.setParameter("rememberMe");
rememberMeServices.setAlwaysRemember(true);
rememberMeServices.setCookieName("javasampleapproach-remember-me");
rememberMeServices.setTokenValiditySeconds(24 * 60 * 60);
return rememberMeServices;
}
@Bean
public PersistentTokenRepository persistentTokenRepository() {
JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
tokenRepository.setDataSource(dataSource); …