Announcement Announcement Module
Collapse
No announcement yet.
Remember me cookie not set Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Remember me cookie not set

    I can't seem to get a cookie of spring that remembers the session, nor is the persistent_logins table of the dataSource getting populated. Why isn't the cookie received by the client?

    Application context xml file :

    <?xml version="1.0" encoding="UTF-8"?>
    <bean:beans>
    <http>
    ...
    <remember-me data-source-ref="dataSource"
    user-service-ref="userService" />
    </http>

    <authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="userService">
    <password-encoder hash="md5" ref="passwordEncoder">
    <salt-source ref="saltSource" />
    </password-encoder>
    </authentication-provider>
    </authentication-manager>
    ...
    </bean:beans>
    login method:

    @Service
    public class AServiceImpl extends RemoteServiceServlet implements AService {
    @Override
    public boolean login(String username, String password, boolean remember) {
    Collection<GrantedAuthority> auths = userDetailsService.getGrantedAuthorities(user);
    auth = new UsernamePasswordAuthenticationToken(username, password, auths);
    Authentication result = authenticationManager.authenticate(auth);
    SecurityContextHolder.getContext().setAuthenticati on(result);
    getThreadLocalRequest().getSession().setAttribute( HttpSessionSecurityContextRepository.SPRING_SECURI TY_CONTEXT_KEY,SecurityContextHolder.getContext()) ;
    rememberMeServices.loginSuccess(getThreadLocalRequ est(),getThreadLocalResponse(), auth);
    }
    }

  • #2
    Thanks for the reply, but I'm not looking to do it manually. I know there has to be a way to use the SPRING_SECURITY_REMEMBER_ME_COOKIE and I don't see a reason do it manually if Spring provides a remember-me service.

    maybe interesting note: I didn't use _spring_security_remember_me (because I don't use forms but rpc) and I don't have alwaysRememberMe set true. This is because all login/logout is done via rpc. Maybe this is the problem?

    Another small related question: the line "getThreadLocalRequest().getSession().setAttribute (HttpSessionSecurityContextRepository.SPRING_SECUR ITY_CONTEXT_KEY,SecurityContextHolder.getContext() );" looks a bit like a hack. But if I ommit it, the sessioncookie JSESSIONID is not set for some reason. Anyone know why?

    Comment


    • #3
      http://stackoverflow.com/questions/7...811334#7811334

      Comment

      Working...
      X