  • Authentication in AWS EC2 environment

    I am trying to set up Spring Security 3.1 where once a user logs in, the user can hit any web server without being required to log in again. So if I have a session timeout of say 15 minutes, the user should only have to log in again after 15 minutes of inactivity.

    I thought to use PersistentTokenBasedRememberMeServices however it does not update the column last_used in persistent_logins table after each user request. So it only works since the user last logged in.

    This would seem to be a common use case however I can't find a simple solution for it using Spring Security. I thought about creating my own cookie and using a filter to update the SecurityContext if the cookie passed my validation and the SecurityContext did not exist yet.

    Any suggestions for a solution to my problem? Thanks!

  • #2
    The solution I used was

    <http>
        ...
        <custom-filter before="REMEMBER_ME_FILTER" ref="myRememberMe" />
        <remember-me services-ref="rememberMeServices" />
    </http>

    <bean id="myRememberMe" class="com.company.MyRememberMeAuthenticationFilter">
        <property name="rememberMeServices" ref="rememberMeServices" />
    </bean>
    <bean id="rememberMeServices"
          class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
        <property name="userDetailsService" ref="userDetailsService" />
        <property name="key" value="whatever" />
        <property name="tokenValiditySeconds" value="600" />
        <property name="alwaysRemember" value="true" />
    </bean>


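    import java.io.IOException;
    import javax.servlet.*;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.context.SecurityContextHolder;
    import org.springframework.security.web.authentication.RememberMeServices;
    import org.springframework.web.filter.GenericFilterBean;

    // Re-issues the remember-me cookie on every authenticated request (sliding expiry).
    public class MyRememberMeAuthenticationFilter extends GenericFilterBean {

        private RememberMeServices rememberMeServices;

        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
            if (auth != null) {
                rememberMeServices.loginSuccess(request, response, auth);
            }
            chain.doFilter(request, response);
        }

        // Setter used by the <property name="rememberMeServices"> injection.
        public void setRememberMeServices(RememberMeServices rememberMeServices) {
            this.rememberMeServices = rememberMeServices;
        }
    }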

    Comment
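Why re-issuing the cookie on each request gives a sliding window that any server can check, shown as an added example that is not part of the original posts and is not Spring's own code: a stand-alone sketch of the token layout documented for TokenBasedRememberMeServices in Spring Security 3.x, base64(username:expiry:md5Hex(username:expiry:password:key)). The class and method names, the key and the stored password value are constructed for illustration, and usernames are assumed not to contain ":".

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64; // Java 8+

// Hypothetical demo class; re-implements the documented token layout for illustration.
public class RememberMeTokenDemo {

    // Signature over username:expiry:password:key (MD5 hex, as in the 3.x scheme).
    static String sign(String user, long expiryMs, String password, String key) throws Exception {
        String data = user + ":" + expiryMs + ":" + password + ":" + key;
        byte[] d = MessageDigest.getInstance("MD5").digest(data.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : d) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Conceptually what loginSuccess() does: expiry = now + tokenValiditySeconds.
    static String issue(String user, String password, String key, long nowMs, int validitySeconds)
            throws Exception {
        long expiryMs = nowMs + validitySeconds * 1000L;
        String raw = user + ":" + expiryMs + ":" + sign(user, expiryMs, password, key);
        return Base64.getEncoder().encodeToString(raw.getBytes(StandardCharsets.UTF_8));
    }

    // No server-side state: a server needs only the shared key and the stored password value.
    static boolean validate(String cookie, String storedPassword, String key, long nowMs)
            throws Exception {
        String[] p = new String(Base64.getDecoder().decode(cookie), StandardCharsets.UTF_8).split(":");
        if (p.length != 3) return false;
        long expiryMs;
        try { expiryMs = Long.parseLong(p[1]); } catch (NumberFormatException e) { return false; }
        if (expiryMs < nowMs) return false; // inactivity window has elapsed
        byte[] expected = sign(p[0], expiryMs, storedPassword, key).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, p[2].getBytes(StandardCharsets.UTF_8)); // constant-time
    }

    public static void main(String[] args) throws Exception {
        String key = "constructed-shared-key"; // constructed; must be identical on every server
        String pw = "constructed-stored-hash"; // constructed UserDetails password value
        String c0 = issue("alice", pw, key, 0L, 600);                // login on server A at t=0
        System.out.println(validate(c0, pw, key, 500_000L));         // server B, t=500 s, inside window
        String c1 = issue("alice", pw, key, 500_000L, 600);          // filter re-issues on that request
        System.out.println(validate(c0, pw, key, 900_000L));         // original cookie at t=900 s
        System.out.println(validate(c1, pw, key, 900_000L));         // re-issued cookie at t=900 s
        System.out.println(validate(c1, pw, "other-key", 900_000L)); // server configured with another key
    }
}
```

Because the signature is the only thing binding the cookie to the user, the `key` property should be a long random secret rather than a placeholder string, and every web server behind the load balancer needs the same value.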