Announcement Announcement Module
Collapse
No announcement yet.
alwaysRememberMe ignored on custom rememberme Spring Security 3 Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • alwaysRememberMe ignored on custom rememberme Spring Security 3

    Hi,

    I have a custom remembermanager that is configured like so:
    PHP Code:
        <http>
    [...]
            <
    intercept-url pattern="/**" access="ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMIN,ROLE_VENDOR" />
            <
    form-login always-use-default-target="false"
                
    default-target-url="/index.html" authentication-failure-url="/login.html"
                
    login-page="/login.html" login-processing-url="/login_security_check" />
        
            <
    logout logout-url="/logout.html" logout-success-url="/index.html"
                
    invalidate-session="true" />
            <
    anonymous granted-authority="ROLE_ANONYMOUS" />
            <
    remember-me services-ref="rememberMeServices" key="${msa.security.key}/>
        </
    http>

         <
    beans:bean id="rememberMeServices"
            
    class="nl.project.service.impl.RememberMeManagerImpl">
            <
    beans:property name="userDetailsService" ref="usorManager" />
            <
    beans:property name="key"
                
    value="${msa.security.key}/>
            <
    beans:property name="parameter" value="rememberMe" />
            <
    beans:property name="userDao" ref="usorDao" />
            <
    beans:property name="alwaysRemember" value="true" />
        </
    beans:bean
    The custom remember me is to ensure that some session variables are being set onLoginSuccess and processAutoLoginCookie. Set up like so:

    PHP Code:
        public void onLoginSuccess(
                
    HttpServletRequest request,
                
    HttpServletResponse response,
                
    Authentication authentication) {
            
    super.onLoginSuccess(requestresponseauthentication);
            
    Usor user userDao.getUserByEmail(authentication.getPrincipal()
                    .
    toString());
            if (
    user != null) {
                
    request.getSession(true).setAttribute(MSA.USER_KEYuser);
                
    request.getSession().setAttribute(MSA.COUNTRY_KEY,
                        
    user.getAddress().getCountry());
            }
        }

        public 
    UserDetails processAutoLoginCookie(
                
    String[] cookieTokens,
                
    HttpServletRequest request,
                
    HttpServletResponse response
                
                
    ) {
            
    UserDetails det super
                    
    .processAutoLoginCookie(cookieTokensrequestresponse);
            if (
    det != null) {
                
    Usor user userDao.getUserByEmail(det.getUsername());
                if (
    user != null) {
                    
    request.getSession(true).setAttribute(MSA.USER_KEYuser);
                    
    request.getSession().setAttribute(MSA.COUNTRY_KEY,
                            
    user.getAddress().getCountry());
                }
            }
            return 
    det;
        } 
    When I examine the remember me cookie that is being set by Spring, I see thay it uses the default 14 days expiry delay. When alwaysRemember is set to true, I would expect something in the distant future.

    Any ideas?

    Kind regards,

    Marc

  • #2
    You're misunderstanding the function of "alwaysRemember". It affects whether the cookie is set, not how long for. Check the Javadoc or the code for more info.

    Comment


    • #3
      :-)

      Javadoc description of the function is empty :-)

      Thanks for clearing this up for me.

      Marc

      Comment

      Working...
      X