1. 首頁
  2. 問答
  3. Spring Security RememberMeAuthenticationFilter未解僱

Spring Security RememberMeAuthenticationFilter未解僱

2010-07-19 70 views
3

我試圖在Spring 3 webapp中集成RememberMe功能。 該應用程序運行良好,並沒有顯示任何其他問題。Spring Security RememberMeAuthenticationFilter未解僱

當我啓用「記住我」檢查時,cookie被正確創建並與任何請求一起發送(我已經使用Firebug和Chrome DevExtensions對其進行了測試)。

當我關閉並重新打開瀏覽器時,Cookie仍處於活動狀態並已發送,但未啓用RememberMe過濾器,則鏈中的下一個過濾器爲AnonymousFilter,用戶通過匿名身份驗證並返回登錄頁面。

任何想法爲什麼?

ApplicationContext的相關部分是:

<security:http> 
    <security:intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
    <security:intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
    <security:intercept-url pattern="/stylesheets/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
    <security:intercept-url pattern="/javascripts/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
    <security:intercept-url pattern="/images/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
    <security:intercept-url pattern="/impianti/public/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
    <security:intercept-url pattern="/buoni/public/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
    <security:intercept-url pattern="/admin/*" access="ROLE_ADMIN" /> 
    <security:intercept-url pattern="/**" access="ROLE_USER" /> 
    <security:form-login login-page="/login.jsp" authentication-failure-url="/login.jsp" default-target-url="/index.html" /> 
    <security:http-basic /> 
    <security:logout logout-success-url="/login_redirect.jsp" logout-url="/logout" /> 
    <security:remember-me/> 
</security:http> 

<security:authentication-manager> 
    <security:authentication-provider> 
     <security:password-encoder hash="md5" /> 
     <security:jdbc-user-service data-source-ref="dataSource"/> 
    </security:authentication-provider> 
</security:authentication-manager>

日誌是:

關閉瀏覽器&之前重新打開:

DEBUG: org.springframework.security.web.FilterChainProxy - /index.html at position 7 of 11 in additional filter chain; firing Filter: 'org.springframework.securi[email protected]1420fea' 
DEBUG: org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter - SecurityContextHolder not populated with remember-me token, as it already contained: (etc)

在重新打開後:

DEBUG: org.springframework.security.web.FilterChainProxy - /login.jsp at position 7 of 11 in additional filter chain; firing Filter: 'org.springframework.securi[email protected]1420fea' 
DEBUG: org.springframework.security.web.FilterChainProxy - /login.jsp at position 8 of 11 in additional filter chain; firing Filter: 'org.springfram[email protected]230be4' 
DEBUG: org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]905571d8: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 96789943A570362DE4B0113A5262F0CB; Granted Authorities: ROLE_ANONYMOUS'

來源

2010-07-19 alessino

+0

你使用Spring Security的最新版本嗎? RememberMe在3.0.1中被破解,在3.0.2中被修復。 – axtavt 2010-07-19 09:31:46

+0

Hello,Spring&Spring Security 3.0.3由Maven獲得。 – alessino 2010-07-19 10:34:01

回答

0

檢查您是否錯過了記住我的權威提供者。

來源

2011-10-19 17:16:13 knalli

相關問題

 相關問題