问题
How can i configure remember-me service in spring security.Am using spring3.0 +hibernate3+ struts2.I have tried as below.
login.jsp
<input type="checkbox" name="_spring_security_remember_me"/>remember-me
applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:s="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
<description>SpringSecurity安全配置</description>
<!-- http安全配置 -->
<s:http auto-config="true" use-expressions="true" >
<s:intercept-url pattern="/css/**" filters="none" />
<s:intercept-url pattern="/img/**" filters="none" />
<s:intercept-url pattern="/js/**" filters="none" />
<s:intercept-url pattern="/account/user!save*" access="hasAnyRole('ROLE_修改用户')" />
<s:intercept-url pattern="/account/user!delete*" access="hasAnyRole('ROLE_修改用户')" />
<s:intercept-url pattern="/account/user*" access="hasAnyRole('ROLE_浏览用户')" />
<s:intercept-url pattern="/account/role!save*" access="hasAnyRole('ROLE_修改角色')" />
<s:intercept-url pattern="/account/role!delete*" access="hasAnyRole('ROLE_修改角色')" />
<s:intercept-url pattern="/account/role*" access="hasAnyRole('ROLE_浏览角色')" />
<s:form-login login-page="/login.action" default-target-url="/" authentication-failure-url="/login.action?error=true" />
<s:logout logout-success-url="/" />
<s:remember-me/>
</s:http>
<!-- 认证配置, 使用userDetailsService提供的用户信息 -->
<s:authentication-manager erase-credentials="false">
<s:authentication-provider user-service-ref="userDetailsService">
<s:password-encoder hash="plaintext" />
</s:authentication-provider>
</s:authentication-manager>
<!-- 项目实现的用户查询服务 -->
<bean id="userDetailsService" class="net.top.system.service.account.UserDetailsServiceImpl" />
</beans>
But no use at all.What else i need to configure in my application.
回答1:
In order to make an application that is already secured with Spring, needed to add the following to the XML:
<sec:http authentication-manager-ref="authenticationManager">
<sec:intercept-url pattern="/secure/**" access="ROLE_USER" />
<sec:form-login/>
<sec:custom-filter … />
<sec:remember-me
data-source-ref="dataSource"
user-service-ref="userDetailsService"/>
</sec:http>
Note that using “data-source” is not a "must", but it actually declares that you want to use a JDBC persistent token. (In this case, Spring works with PersistentTokenBasedRememberMeServices.) Of course the data source bean has to be declared in the XML.
As documented by Spring , a table names persistent_logins has to exist in the DB.
The “userDetailsService” is a ref to the UserService bean, where the users and passwords are declared. It can be in the XML or point to the DB as well.
In run time, Spring creates a Cookie called SPRING_SECURITY_REMEMBER_ME_COOKIE( ) . It is seen with the “JSESSION” Cookie. It we delete the JSESSION (meaning we open a brand new session, just like reopen the browser) the “remember me” cookie remembers the last login, and creates a new JSESSION.
HTH :-)
来源:https://stackoverflow.com/questions/13893415/configuring-remember-me-in-spring-security