2016-04-21 173 views

我已經實現了 Spring Security 的 Ajax 登錄。主題:Spring Security 使用 Ajax 登錄時的「記住我」(remember-me)。

我定義了自己的 customAuthenticationEntryPoint、authenticationFilter 和 securityLoginSuccessHandler。它可以成功驗證用戶。但是,當我加入「記住我」(remember-me)的部分後,它就不起作用了:沒有任何 SQL 被執行來把令牌插入數據庫的 persistent_logins 表。我不知道是不是我的配置有問題?請幫忙。

<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:p="http://www.springframework.org/schema/p" xmlns:util="http://www.springframework.org/schema/util" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd 
http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security-3.2.xsd 
http://www.springframework.org/schema/util 
http://www.springframework.org/schema/util/spring-util-3.2.xsd"> 

    <!-- Spring Security setup for an ajax login with persistent-token remember-me.
         This is the configuration from the question: login works, but no remember-me
         token is written. The cause is marked on the authenticationFilter bean below. -->

    <!-- security="none" applies no security filters at all to /resources/**, so nothing
         served from that path is authenticated or CSRF-protected. Keep only static assets there. -->
    <http pattern="/resources/**" security="none" /> 
    <!-- Main filter chain. auto-config is off: login is handled by the custom-filter placed at
         FORM_LOGIN_FILTER, and unauthenticated access is handed to customAuthenticationEntryPoint. -->
    <http auto-config="false" use-expressions="true" entry-point-ref="customAuthenticationEntryPoint"> 

     <!-- Every URL is permitAll, so this chain never requires authentication or a role by URL.
          NOTE(review): authorization must then be enforced elsewhere (method security or
          controller checks, not visible in this file); confirm that it is. -->
     <intercept-url pattern="/**" access="permitAll" /> 

     <access-denied-handler error-page="/denied" /> 

     <!-- Logout invalidates the HTTP session and deletes the JSESSIONID cookie. With csrf enabled
          below, /logout has to be requested with POST and a valid CSRF token. -->
     <logout invalidate-session="true" delete-cookies="JSESSIONID" 
      success-handler-ref="securityLogoutSuccessHandler" logout-url="/logout" /> 

     <custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" /> 
     <!-- CSRF protection is on: the ajax login POST must send the CSRF token as well. -->
     <csrf /> 

     <!-- enable remember me --> 
     <!-- services-ref delegates remember-me handling to the rememberMeServices bean; the key here
          has to equal the key set on that bean. The key is not the request parameter or cookie
          name: it marks remember-me authentications as issued by this application.
          NOTE(review): prefer an application-specific secret value over a well-known string. -->
    <remember-me 
     services-ref = "rememberMeServices" 
     key = "_spring_security_remember_me" /> 
    </http> 


    <!-- Persistent-token remember-me: tokens are stored through jdbcTokenRepository
         (the persistent_logins table mentioned in the question). -->
    <beans:bean id="rememberMeServices" 
       class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices"> 
     <beans:property name="key" value="_spring_security_remember_me"/> 
     <!-- alwaysRemember=true issues a remember-me token on every successful login, whether or not
          the request asked for it. NOTE(review): this takes the choice away from users on shared
          machines; confirm it is intended. -->
     <beans:property name="alwaysRemember" value="true"/> 
     <beans:property name="tokenRepository" ref="jdbcTokenRepository"/> 
     <beans:property name="userDetailsService" ref="userDetailsService"/> 
    </beans:bean> 


    <!-- createTableOnStartup=false: the token table must already exist in the database behind
         dataSource (bean defined outside this file). -->
    <beans:bean id="jdbcTokenRepository" 
       class="org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl"> 
     <beans:property name="createTableOnStartup" value="false"/> 
     <beans:property name="dataSource" ref="dataSource"/> 
    </beans:bean> 

    <!-- Project-specific entry point for unauthenticated requests.
         NOTE(review): returnParameterEnabled / returnParameterName look like they carry the
         originally requested URL to the login page in parameter "r". If that value is later used
         as a redirect target it should be limited to paths of this application; confirm in
         CustomAuthenticationEntryPoint. -->
    <beans:bean id="customAuthenticationEntryPoint" 
     class="com.tong.beau.service.security.CustomAuthenticationEntryPoint"> 
     <beans:property name="loginPageUrl" value="/login" /> 
     <beans:property name="returnParameterEnabled" value="true" /> 
     <beans:property name="returnParameterName" value="r" /> 
    </beans:bean> 

    <!-- Hand-declared login filter used in place of the namespace form-login element.
         No rememberMeServices property is set here, so the filter keeps its default no-op
         remember-me services and a successful login never reaches the rememberMeServices bean.
         That matches the symptom in the question (no row inserted into persistent_logins);
         the working configuration later on this page adds that property. -->
    <beans:bean id="authenticationFilter" 
     class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> 
     <beans:property name="authenticationManager" ref="authenticationManager" /> 
     <beans:property name="filterProcessesUrl" value="/security_check" /><!-- 
      change here if customize form action --> 
     <!-- handler are for login with ajax POST --> 
     <beans:property name="authenticationFailureHandler" 
      ref="securityLoginFailureHandler" /> 
     <beans:property name="authenticationSuccessHandler" 
      ref="securityLoginSuccessHandler" /> 
     <beans:property name="PasswordParameter" value="password" /><!-- 
      change here for password field name in the form --> 
     <beans:property name="UsernameParameter" value="username" /><!-- 
      change here for username field name in the form --> 
    </beans:bean> 

    <!-- Project-specific success handler.
         NOTE(review): targetUrlParameter names a request parameter (return-url) that presumably
         supplies the post-login redirect target. Check that SecurityLoginSuccessHandler only
         accepts same-application paths, otherwise this is an open-redirect vector. -->
    <beans:bean id="securityLoginSuccessHandler" 
     class="com.tong.beau.service.security.SecurityLoginSuccessHandler"> 
     <beans:property name="defaultTargetUrl" value="/" /> 
     <beans:property name="targetUrlParameter" value="return-url"/> 
    </beans:bean> 

    <beans:bean id="securityLoginFailureHandler" 
     class="com.tong.beau.service.security.SecurityLoginFailureHandler"> 
     <beans:property name="defaultFailureUrl" value="/login/failure" /> 
    </beans:bean> 

    <beans:bean id="securityLogoutSuccessHandler" 
     class="com.tong.beau.service.security.SecurityLogoutSuccessHandler"> 
     </beans:bean> 

    <!-- bcrypt password hashing; no constructor argument, so the encoder's default strength applies. -->
    <beans:bean id="encoder" 
     class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" /> 

    <!-- Username/password authentication against userDetailsService (bean defined outside this
         file), with stored passwords verified through the bcrypt encoder. -->
    <authentication-manager alias="authenticationManager"> 
     <authentication-provider user-service-ref="userDetailsService"> 
      <password-encoder ref="encoder" /> 
     </authentication-provider> 
    </authentication-manager> 
</beans:beans> 

由於我實現了自己的 CustomAuthenticationEntryPoint,是否需要在入口點中處理 remember-me 服務(RememberMeServices)?

回答


看了 Spring Security 4.0.3 的源代碼後,我發現默認的請求參數名實際上是這樣定義的:

// Default name of the HTTP request parameter (for example a login-form checkbox) that asks for a remember-me login.
// This is a request parameter name; it is not the remember-me "key" configured in the XML.
public static final String DEFAULT_PARAMETER = "remember-me"; 

所以我所做的就是修改前端,讓它發送的參數名稱為「remember-me」。

在 Spring Security 4.0.3 之前,默認參數名是 _spring_security_remember_me。

這一點值得一提。另外,原來的配置也有一些問題。

我可以正常運行的配置如下。

<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:p="http://www.springframework.org/schema/p" xmlns:util="http://www.springframework.org/schema/util" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans.xsd 
http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security.xsd 
http://www.springframework.org/schema/util 
http://www.springframework.org/schema/util/spring-util.xsd"> 

    <!-- Working configuration from the answer: ajax login through a hand-declared
         UsernamePasswordAuthenticationFilter plus persistent-token remember-me.
         The change that makes tokens get written is the rememberMeServices property on
         the authenticationFilter bean below. -->

    <!-- security="none" applies no security filters at all to /resources/**, so nothing
         served from that path is authenticated or CSRF-protected. Keep only static assets there. -->
    <http pattern="/resources/**" security="none" /> 
    <http auto-config="false" use-expressions="true" entry-point-ref="customAuthenticationEntryPoint"> 

     <!-- Every URL is permitAll, so this chain never requires authentication or a role by URL.
          NOTE(review): authorization must then be enforced elsewhere (method security or
          controller checks, not visible in this file); confirm that it is. -->
     <intercept-url pattern="/**" access="permitAll" /> 

     <access-denied-handler error-page="/denied" /> 

     <!-- Logout invalidates the HTTP session and deletes the JSESSIONID cookie. With csrf enabled
          below, /logout has to be requested with POST and a valid CSRF token. -->
     <logout invalidate-session="true" delete-cookies="JSESSIONID" 
      success-handler-ref="securityLogoutSuccessHandler" logout-url="/logout" /> 

     <custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" /> 
     <!-- NOTE(review): the remember-me element below already sets up remember-me filtering backed
          by rememberMeServices, so this explicitly declared rememberMeFilter looks like a second
          remember-me filter in the same chain. Confirm whether it is needed. -->
     <custom-filter ref="rememberMeFilter" after="FORM_LOGIN_FILTER" /> 
     <!-- CSRF protection is on: the ajax login POST must send the CSRF token as well. -->
     <csrf /> 
     <!-- key must equal the key passed to rememberMeServices and rememberMeAuthenticationProvider
          (all three use the same string here). It is a different setting from the request
          parameter name, which is left at its default in this file.
          NOTE(review): prefer an application-specific secret value for key over a well-known string. -->
     <remember-me key = "remember-me" services-ref="rememberMeServices"/> 
    </http> 

    <beans:bean id="rememberMeFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter"> 
      <beans:constructor-arg ref="authenticationManager"/> 
      <beans:constructor-arg ref="rememberMeServices"/> 
    </beans:bean> 

    <!-- Persistent-token remember-me. Constructor arguments, in order: key, user details service,
         token repository. alwaysRemember is not set, so a token is issued only when the login
         request carries the remember-me parameter.
         NOTE(review): cookie lifetime and the Secure flag are left at the class defaults; consider
         setting tokenValiditySeconds and useSecureCookie explicitly when the site runs over HTTPS. -->
    <beans:bean id="rememberMeServices" 
       class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices"> 
      <beans:constructor-arg value="remember-me"/> 
      <beans:constructor-arg ref="userDetailsService"/> 
      <beans:constructor-arg ref="jdbcTokenRepository"/> 
    </beans:bean> 

    <!-- Accepts remember-me authentications created with the same key as rememberMeServices.
         NOTE(review): presumably redundant with the provider the remember-me element sets up
         from its own key attribute; confirm before removing. -->
    <beans:bean id="rememberMeAuthenticationProvider" class="org.springframework.security.authentication.RememberMeAuthenticationProvider"> 
     <beans:constructor-arg value="remember-me"/> 
    </beans:bean> 

    <!-- createTableOnStartup=false: the token table must already exist in the database behind
         dataSource (bean defined outside this file). -->
    <beans:bean id="jdbcTokenRepository" 
       class="org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl"> 
     <beans:property name="createTableOnStartup" value="false"/> 
     <beans:property name="dataSource" ref="dataSource"/> 
    </beans:bean> 

    <!-- Project-specific entry point for unauthenticated requests.
         NOTE(review): returnParameterEnabled / returnParameterName look like they carry the
         originally requested URL to the login page in parameter "r". If that value is later used
         as a redirect target it should be limited to paths of this application; confirm in
         CustomAuthenticationEntryPoint. -->
    <beans:bean id="customAuthenticationEntryPoint" 
     class="com.tong.beau.service.security.CustomAuthenticationEntryPoint"> 
     <beans:property name="loginPageUrl" value="/login" /> 
     <beans:property name="returnParameterEnabled" value="true" /> 
     <beans:property name="returnParameterName" value="r" /> 
    </beans:bean> 

    <beans:bean id="authenticationFilter" 
     class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> 

     <beans:property name="authenticationManager" ref="authenticationManager" /> 
     <!-- Wires the login filter to rememberMeServices so that a successful login is passed on to
          it; this property is absent from the question's configuration, where no token was stored. -->
     <beans:property name="rememberMeServices" ref="rememberMeServices" /> 
     <beans:property name="filterProcessesUrl" value="/security_check" /> 

     <!-- change here if customize form action --> 
     <!-- handler are for login with ajax POST --> 

     <beans:property name="authenticationFailureHandler" 
      ref="securityLoginFailureHandler" /> 
     <beans:property name="authenticationSuccessHandler" 
      ref="securityLoginSuccessHandler" /> 
     <beans:property name="PasswordParameter" value="password" /> 
     <!-- change here for password field name in the form --> 
     <beans:property name="UsernameParameter" value="username" /> 
     <!-- change here for username field name in the form --> 
    </beans:bean> 

    <!-- Project-specific success handler.
         NOTE(review): targetUrlParameter names a request parameter (return-url) that presumably
         supplies the post-login redirect target. Check that SecurityLoginSuccessHandler only
         accepts same-application paths, otherwise this is an open-redirect vector. -->
    <beans:bean id="securityLoginSuccessHandler" 
     class="com.tong.beau.service.security.SecurityLoginSuccessHandler"> 
     <beans:property name="defaultTargetUrl" value="/" /> 
     <beans:property name="targetUrlParameter" value="return-url"/> 
    </beans:bean> 

    <beans:bean id="securityLoginFailureHandler" 
     class="com.tong.beau.service.security.SecurityLoginFailureHandler"> 
     <beans:property name="defaultFailureUrl" value="/login/failure" /> 
    </beans:bean> 

    <beans:bean id="securityLogoutSuccessHandler" 
     class="com.tong.beau.service.security.SecurityLogoutSuccessHandler"> 
     </beans:bean> 

    <!-- bcrypt password hashing; no constructor argument, so the encoder's default strength applies. -->
    <beans:bean id="encoder" 
     class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" /> 

    <!-- Two providers: remember-me authentications (matched by key) and username/password
         authentication against userDetailsService with bcrypt-verified passwords. -->
    <authentication-manager alias="authenticationManager"> 
     <authentication-provider ref="rememberMeAuthenticationProvider"> 
     </authentication-provider> 

     <authentication-provider user-service-ref="userDetailsService"> 
      <password-encoder ref="encoder" /> 
     </authentication-provider> 
    </authentication-manager> 
</beans:beans>