Announcement Announcement Module
Collapse
No announcement yet.
Spring 3.0 Remember Me Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring 3.0 Remember Me

    application-security.XML
    Code:
    <security:http access-decision-manager-ref="accessDecisionManager" access-denied-page="/home.htm?failed=true">
       	<security:session-management session-authentication-strategy-ref="sessionFixation" invalid-session-url="/home.htm" />
        	   	
        	<security:form-login login-page="/standardlogin.htm" authentication-success-handler-ref="authenticationSuccessHandler"  authentication-failure-handler-ref="authenticationFailureHandler" />
        	<security:logout logout-url="/j_spring_security_logout" logout-success-url="/home.htm" invalidate-session="true" />
        	<security:anonymous username="anonymous" />
        	<security:remember-me services-ref="rememberMeServices" key="a23eef6dfd1514cb885f47070380ff18"/>
        </security:http>
        
        <bean id="sessionFixation" class="de.hybris.platform.servicelayer.security.spring.HybrisSessionFixationProtectionStrategy"/>
        
        <security:global-method-security secured-annotations="enabled" access-decision-manager-ref="accessDecisionManager"/>
       	
       	<security:authentication-manager alias="theAuthenticationManager">
    				<security:authentication-provider ref="authenticationProvider" />
    				<security:authentication-provider ref="rememberMeAuthenticationProvider" />
    	</security:authentication-manager>
    	
    	<bean id="authenticationSuccessHandler" class="com.entertainment.ecom.web.auth.EcomAuthenticationSuccessHandler">
    	 <constructor-arg value="/firstpage.htm"></constructor-arg>
    	</bean>
    	
    	<bean id="authenticationFailureHandler" class="com.entertainment.ecom.web.auth.EcomAuthenticationFailureHandler">
            <constructor-arg value="/home.htm?failed=true"></constructor-arg>
    	</bean>
    	
        <bean id="authenticationProvider" parent="ecomAuthenticationProvider" scope="tenant"/>
        
    	<bean id="ecomAuthenticationProvider" class="com.entertainment.ecom.web.auth.EcomAuthenticationProvider" scope="tenant" abstract="true" />
    	
    	<util:set id="authorizedGroups" value-type="java.lang.String">
    		<value>customergroup</value>
    	</util:set>
    	
        <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
    		<property name="decisionVoters">
    			<list>
    				<bean id="notInitializedVoter" class="de.hybris.platform.spring.security.voter.HybrisNotInitializedVoter" />
    				<bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter" />
    				<bean id="authenticatedVoter" class="org.springframework.security.access.vote.AuthenticatedVoter" />
    			</list>
    		</property>
    	</bean>
    		
    	<bean id="ecomUserDetailsService" class="com.entertainment.ecom.web.auth.EcomUserDetailsService"/>
    	
    	<bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    	 	 <property name="authenticationManager" ref="theAuthenticationManager"/>
    	 	 <property name="filterProcessesUrl" value="/j_spring_security_check"/>
    	 	 <property name="rememberMeServices" ref="rememberMeServices"/>
    		 <property name="authenticationFailureHandler" ref="authenticationFailureHandler"/>
    		 <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"/>
    	</bean> 
    	
    	<bean id="rememberMeFilter" class=
    		"org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
    		<property name="rememberMeServices" ref="rememberMeServices"/>
    		<property name="authenticationManager" ref="theAuthenticationManager" />
    	</bean>
    	
    	<bean id="rememberMeServices" class=
    		"org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
    		<property name="userDetailsService" ref="ecomUserDetailsService"/>
    		<property name="key" value="a23eef6dfd1514cb885f47070380ff18"/>
    		<property name="parameter" value="_spring_security_remember_me"/>
     	  	<property name="cookieName" value="ENTC"/>
      	    <property name="tokenValiditySeconds" value="80000"/>
    	</bean>
    	
    	<bean id="rememberMeAuthenticationProvider" class=
    		"org.springframework.security.authentication.RememberMeAuthenticationProvider">
    		<property name="key" value="a23eef6dfd1514cb885f47070380ff18"/>
    	</bean>
    	
    	<bean id="myfilterChainProxy" class="org.springframework.security.web.FilterChainProxy">
         <security:filter-chain-map path-type="ant">
             <security:filter-chain pattern="/firstpage.htm" filters="authenticationFilter,rememberMeFilter"/>
         </security:filter-chain-map>
     	</bean>
    login.jsp

    Code:
                  <form id="loginForm" name="loginForm"  method="post" action="j_spring_security_check?standardlogin">
                      <input class="textBox" type="text" name="j_username" id="j_username" />
                      <input class="textBox" type="password" name="j_password" id="j_password" />
                        <input type="checkbox" class="chkinput" name="_spring_security_remember_me" value="" checked="checked"/>
    Trying to implement "Remember Me" in "Simple Hash-Based Token Approach"
    1)Is the above configuration complete and correct? Even cookie is not created.
    2)In login.jsp should the name of checkbox be "_spring_security_remember_me".
    3)Giving context path for <security:filter-chain pattern="/ecomweb"
    4)can the key be any unique value="e4d909c290d0fb1ca068ffaddf22cbd0"
    5)difference between this <security:form-login login-page="/standardlogin.htm"

    and

    <bean id="authenticationEntryPoint" class="org.springframework.security.web.authentica tion.LoginUrlAuthenticationEntryPoint">
    <property name="loginFormUrl" value="/standardlogin.htm"/>

    6)What is the sequence of remember me authentication process from when we check?

    Please guide me resolve the issue.
    the checkbox in JSP
    Last edited by sand_sio2; Mar 11th, 2011, 04:18 AM.

  • #2
    Set the "value" attribute in the HTML for the checkbox to "true"; otherwise your browser will not send a value for the form field even though it is checked. That's a good place to start, if it still doesn't work, enable debug logging or use a debugger!

    Comment


    • #3
      Have you set token-validity-seconds in the XML configuration? Assuming the browser is not configured to clear cookies upon close, the cookie should be retained for as long as the time that is configured in the XML (by default, 2 weeks). What browser are you using and how have you verified that the cookie is in fact being set?

      Comment


      • #4
        On IE and Chrome ,its working fine.
        Last edited by sand_sio2; Mar 11th, 2011, 09:36 AM.

        Comment


        • #5
          Originally posted by sand_sio2 View Post
          On IE and Chrome ,its working fine.
          Thanks. Can you please answer the rest of my questions? Also, what browser is it failing on?

          Comment


          • #6
            I was unable to see the cookie in Mozilla after restart.
            Last edited by sand_sio2; Mar 14th, 2011, 03:28 AM.

            Comment

            Working...
            X