Announcement Announcement Module
Collapse
No announcement yet.
Spring security remember-me cookie configuration example Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring security remember-me cookie configuration example

    Guys, wanted to determine (step-by-step) how remember-me works, but I can't make working configuration to start with. Minimal config (just <remember-me />) works great, but full - not, I haven't any remember-me cookie sent to my browser.

    Help please with errors detecting. My security-context.xml is:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    
    
    	<global-method-security pre-post-annotations="enabled" />
    
    	<beans:bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    		<beans:property name="authenticationManager" ref="authenticationManagerDB" />
    		<beans:property name="rememberMeServices" ref="rememberMeServices" />
    	</beans:bean>
    
    	<http pattern="/static/**" security="none" />
    
    	<http auto-config="false">
    		<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    		<form-login login-page='/login' />
    		<!-- remember-me key="springRocks" / -->
    		<custom-filter ref="rememberMeFilter" position="REMEMBER_ME_FILTER" />
    		<logout />
    	</http>
    
    	<!-- Remember-me configuration -->
    	<beans:bean id="rememberMeFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
    		<beans:property name="authenticationManager" ref="authenticationManagerDB" />
    		<beans:property name="rememberMeServices" ref="rememberMeServices" />
    	</beans:bean>
    
    	<beans:bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
    		<beans:property name="userDetailsService" ref="userDetailsService" />
    		<beans:property name="key" value="springRocks" />
    	</beans:bean>
    
    	<beans:bean id="rememberMeAuthenticationProvider" class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
    		<beans:property name="key" value="springRocks" />
    	</beans:bean>
    
    	<!-- Authenticator configuration -->
    	<beans:bean id="userDetailsService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
    		<beans:property name="dataSource" ref="dataSourceMySQL" />
    		<beans:property name="usersByUsernameQuery" value="select login, pass, enabled from `user` where login = ?" />
    		<beans:property name="authoritiesByUsernameQuery"
    			value="SELECT `user`.`login`, `authority`.`authority` FROM `user`, `authority` WHERE `user`.`login` = ? and `user`.`id` = `authority`.`userId`" />
    	</beans:bean>
    
    	<authentication-manager alias="authenticationManagerDB" xmlns="http://www.springframework.org/schema/security">
    		<authentication-provider user-service-ref="userDetailsService" />
    		<authentication-provider ref="rememberMeAuthenticationProvider" />
    	</authentication-manager>
    
    </beans:beans>
    Similar topic:
    http://forum.springsource.org/showth...ht=remember-me
    Last edited by Lsync; Sep 28th, 2012, 05:21 AM. Reason: Link to similar topic added.

  • #2
    Partially resolved by switching back to <remember-me /> tag and using attributes (like services-ref in an example), so I can use own RememberMeServices implementation:


    HTML Code:
    ...
    	<http auto-config="false">
    		<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    		<form-login login-page='/login' />
    		<remember-me key="springRocks" services-ref="rememberMeServices" />
    		<logout />
    	</http>
    
    	<!-- Remember-me configuration -->
    	<beans:bean id="rememberMeServices" class="my.own.rememberme.TokenBasedRememberMeServices">
    		<beans:property name="userDetailsService" ref="userDetailsService" />
    		<beans:property name="key" value="springRocks" />
    	</beans:bean>
    ...
    Still don't know how to setup remember-me filter by hand correctly.

    Comment

    Working...
    X