zoukankan      html  css  js  c++  java
  • spring security之Remember Me

    spring-security.xml配置

    环境:

    spring版本:5.0.7.RELEASE

    spring-security.xml引入:

    http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-4.2.xsd

    1、添加以下remember-me服务需要的bean:

        <!--rememberMe-->
        <beans:bean id="myRememberMeAuthenticationProvider" class=
                "org.springframework.security.authentication.RememberMeAuthenticationProvider">
            <beans:constructor-arg name="key" value="xxxxxxxx"/>
        </beans:bean>
    
        <!--不能与http标签中的remember-me同时存在,否则会报have the same 'order' value-->
        <beans:bean id="myRememberMeAuthenticationFilter" class=
                "org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
            <beans:constructor-arg name="rememberMeServices" ref="myRememberMeServices"/>
            <beans:constructor-arg name="authenticationManager" ref="authenticationManager" />
        </beans:bean>
    
        <!-- RememberMeServices的实现 -->
        <beans:bean id="myRememberMeServices" class=
                "org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
            <beans:constructor-arg name="key" value="xxxxxxxx"/>
            <beans:constructor-arg name="userDetailsService" ref="myUserDetailService"/>
            <beans:constructor-arg name="tokenRepository" ref="myPersistentTokenRepository"/>
            <beans:property name="tokenValiditySeconds" value="86400"/><!--1天-->
        </beans:bean>
        <!--持久化token,存入数据库persistent_logins表中-->
        <beans:bean id="myPersistentTokenRepository" class="org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl">
            <beans:property name="dataSource" ref="dataSource"/>
        </beans:bean>

    2、

    添加你的RememberMeServices实现UsernamePasswordAuthenticationFilter.setRememberMeServices()的属性

    包括RememberMeAuthenticationProviderAuthenticationManager.setProviders()中的列表,

    并添加RememberMeAuthenticationFilter到你的FilterChainProxy(一般在你的UsernamePasswordAuthenticationFilter之后)

    详细如下:

        <http auto-config="false" use-expressions="true" entry-point-ref="myLoginUrlAuthenticationEntryPoint">
            <intercept-url pattern="/**" access="authenticated"/>
    
            <custom-filter ref="loginAuthenticationFilter" position="FORM_LOGIN_FILTER"/>
    
            <custom-filter  ref="myRememberMeAuthenticationFilter" position="REMEMBER_ME_FILTER"/>
    
            <!--用户退出的时候清空session以及删除JSESSIONID的cookies
                只有logout-url为/logout时,才会触发CookieClearingLogoutHandler的logout方法-->
            <logout logout-url="/logout"
                    logout-success-url="/login"
                    invalidate-session="true"
                    delete-cookies="JSESSIONID"/>
    
            <!--session-authentication-strategy-ref表示会话的身份验证策略-->
            <session-management invalid-session-url="/login">
                <concurrency-control max-sessions="1"/>
            </session-management>
    
            <csrf disabled="true" />
    
        </http>
        <!--不能与form-login同时存在,因为它功能相当于调用http.formLogin()。同时出现,会报have the same 'order' value.-->
        <beans:bean id="loginAuthenticationFilter"
                    class="com.example.demo.web.security.MyUsernamePasswordAuthenticationFilter">
            <beans:property name="usernameParameter" value="name"/>             <!--对应登录时的用户名需要传的参数名称-->
            <beans:property name="passwordParameter" value="pass"/>             <!--对应登录时的密码提交时的参数名称-->
            <beans:property name="filterProcessesUrl" value="/signin"/>    <!--表单提交地址-->
            <beans:property name="authenticationSuccessHandler" ref="myAuthenticationSuccessHandler"/>
            <beans:property name="authenticationFailureHandler" ref="myAuthenticationFailureHandler"/>
            <beans:property name="authenticationManager" ref="authenticationManager"/>
            <beans:property name="rememberMeServices" ref="myRememberMeServices"/>
        </beans:bean>
    
        <!-- 验证配置 , 认证管理器,实现用户认证的入口,主要实现UserDetailsService接口即可 -->
        <authentication-manager alias="authenticationManager">
            <authentication-provider ref="myDaoAuthenticationProvider"/>
            <authentication-provider ref="myRememberMeAuthenticationProvider"/>
        </authentication-manager>
  • 相关阅读:
    计算机内功心法01】一:看完这篇还不懂高并发中的线程与线程池 计算机内功心法02】二:读取文件时,程序经历了什么?
    计算机内功心法03】三:一文彻底理解IO多路复用计算机内功心法04】四:进程切换与线程切换的区别
    计算机内功心法05】五:从小白到高手,你需要理解同步与异步
    计算机内功心法06】六:10张图让你彻底理解回调函数
    计算机内功心法07】七:高并发高性能服务器是如何实现的
    计算机内功心法08】八:函数运行时在内存中是什么样子?
    moviepy音视频开发:音频文件存取类AudioFileClip属性和方法介绍
    区块链学习5:智能合约Smart contract原理及发展历程科普知识
    moviepy音视频开发:音频剪辑基类AudioClip
    moviepy音视频开发:音频剪辑基类AudioClip详解
  • 原文地址:https://www.cnblogs.com/amunamuna/p/9636360.html
Copyright © 2011-2022 走看看