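Remember-me is not working

Time: 2017-11-17 10:57:52

Tags: spring-boot spring-security

I successfully implemented remember-me with Spring Boot security; the data is stored in my table persistent_logins (username, series, token, last_used) and I can find it in my browser. My problem is that when I delete the JSESSIONID from the browser and refresh, the browser redirects to the login page instead of staying on the same page:

This is my SecurityConfigWeb.java: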

 @Override
protected void configure(HttpSecurity http) throws Exception {

    http.authorizeRequests().antMatchers("/sentEmail").permitAll();
    http.authorizeRequests().antMatchers("/contactUs").permitAll();
    http.authorizeRequests().antMatchers("/reset").permitAll();

    http.authorizeRequests().antMatchers(Constants.PATTERN1).permitAll();
    http.authorizeRequests().antMatchers(Constants.PATHPATTERN2).permitAll();
    http.authorizeRequests().antMatchers(Constants.PATHPATTERN3).permitAll().and().rememberMe().rememberMeServices(rememberMeServices());       
    http.authorizeRequests().anyRequest().authenticated().and().formLogin().loginPage(Constants.URL_PATH).successHandler(this.authSuccess).failureHandler(this.authFailure).permitAll();
    http.authorizeRequests().anyRequest().authenticated().and().logout().logoutSuccessHandler(this.logoutSuccess).deleteCookies("JSESSIONID").invalidateHttpSession(false).permitAll();

    http.csrf().disable();
}
@Bean
public BCrypt bCryptPasswordEncoder() {
    return new BCrypt();
}


@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);

}

@Bean   
public AbstractRememberMeServices rememberMeServices() {
    PersistentTokenBasedRememberMeServices rememberMeServices =
        new PersistentTokenBasedRememberMeServices("AppKey",userDetailsService(),persistentTokenRepository());
    rememberMeServices.setParameter("rememberMe");
    rememberMeServices.setAlwaysRemember(true);
    rememberMeServices.setCookieName("javasampleapproach-remember-me");
    rememberMeServices.setTokenValiditySeconds(24 * 60 * 60);
    return rememberMeServices;
}



@Bean
public PersistentTokenRepository persistentTokenRepository() {
    JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
    tokenRepository.setDataSource(dataSource);
    return tokenRepository;
}

This is my remember-me login.html:

<div class="checkboxDiv">
                        <input type="checkbox" name="remember-me" value="true"> <label class="check" for="checkbox">Stay Logged In</label>
                    </div>

Any help? Thanks in advance.

1 answer:

Answer 0: (score: 3)

The problem is that you configure security in several statements instead of using the fluent API.

http.authorizeRequests().antMatchers(Constants.PATHPATTERN3).permitAll().and().rememberMe().rememberMeServices(rememberMeServices());

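With this line you activated the "remember me" functionality, but only for Constants.PATHPATTERN3. So if you want to activate remember-me for all endpoints, your security configuration should look like this.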

@Override
protected void configure(HttpSecurity http) throws Exception {

   http.authorizeRequests()
    .antMatchers("/sentEmail", "/contactUs", "/reset", Constants.PATTERN1,Constants.PATHPATTERN2, Constants.PATHPATTERN3).permitAll()
    .anyRequest().authenticated()
    .and()
      .logout()
        .logoutSuccessHandler(this.logoutSuccess).permitAll()
    .and()
      .formLogin()
        .loginPage(Constants.URL_PATH)
        .successHandler(this.authSuccess)
        .failureHandler(this.authFailure).permitAll()
    .and()
      .rememberMe()
        .tokenRepository(persistentTokenRepository())
        .key("AppKey")
        .alwaysRemember(true)
        .rememberMeParameter("rememberMe")
        .rememberMeCookieName("javasampleapproach-remember-me")
        .tokenValiditySeconds(24 * 60 * 60)
    .and()
      .csrf().disable();
}

@Bean
public PersistentTokenRepository persistentTokenRepository() {
    JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
    tokenRepository.setDataSource(dataSource);
    return tokenRepository;
}

This way you can configure everything in one go.
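
What happens to the persistent_logins row from the question when a request arrives without a JSESSIONID but with the remember-me cookie, as an added example: a simplified in-memory model written for this page, not Spring Security's code and not the poster's. The class, method and field names are hypothetical, the cookie is modelled as a plain `series:token` string, and the user "alice" is constructed sample data.

```java
import java.security.SecureRandom;
import java.util.*;
// Simplified in-memory model of persistent-token remember-me (not Spring's classes).
public class RememberMeModel {
    // One row of persistent_logins; class and field names here are hypothetical.
    static final class Row {
        final String username; String token; long lastUsed;
        Row(String u, String t, long at) { username = u; token = t; lastUsed = at; }
    }
    static final Map<String, Row> persistentLogins = new HashMap<>(); // keyed by series
    static final SecureRandom RNG = new SecureRandom();
    static final long VALIDITY_MS = 24L * 60 * 60 * 1000; // same 24 h as the page's config

    static String random() {
        byte[] b = new byte[16];
        RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }
    // Called at login: create a series/token pair and return the cookie value.
    static String issue(String username, long now) {
        String series = random(), token = random();
        persistentLogins.put(series, new Row(username, token, now));
        return series + ":" + token;
    }

    // Called when a request has no session but carries the remember-me cookie.
    // Returns the rotated cookie value, or null when the user must log in again.
    static String autoLogin(String cookie, long now) {
        String[] parts = cookie.split(":");
        if (parts.length != 2) return null;
        Row row = persistentLogins.get(parts[0]);
        if (row == null) return null;                        // unknown series
        if (!row.token.equals(parts[1])) {                   // stale token: possible cookie theft
            persistentLogins.values().removeIf(r -> r.username.equals(row.username));
            return null;
        }
        if (now - row.lastUsed > VALIDITY_MS) return null;   // expired
        row.token = random();                                // rotate token, keep series
        row.lastUsed = now;
        return parts[0] + ":" + row.token;
    }

    public static void main(String[] args) {
        String c1 = issue("alice", 0);                       // constructed sample user
        String c2 = autoLogin(c1, 1000);                     // JSESSIONID gone, cookie still sent
        System.out.println("auto-login with fresh cookie: " + (c2 != null));
        System.out.println("replay of old cookie accepted: " + (autoLogin(c1, 2000) != null));
        System.out.println("rotated cookie after replay:   " + (autoLogin(c2, 3000) != null));
    }
}
```

In this model a replayed old cookie wipes every row for that user, so even the legitimately rotated cookie stops working and a full login is required.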