1. 首頁
  2. 問答
  3. Spring安全記住我在春天的MVC應用程序中不工作。

Spring安全記住我在春天的MVC應用程序中不工作。

2011-11-22 48 views
3

身份驗證和授權工作正常。但請記住,我在應用程序中工作不正常。Spring安全記住我在春天的MVC應用程序中不工作。

我已經使用了Spring安全性(一次只能有一個)的數據庫身份驗證和ldap身份驗證以及大量的彈簧安全性自定義。

下面是我的spring安全上下文文件。

<?xml version="1.0" encoding="UTF-8"?> 

<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xmlns:context="http://www.springframework.org/schema/context" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
          http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd 
          http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> 

    <context:property-placeholder location="classpath:/application.properties"/>               

    <http use-expressions="true"> 
     <intercept-url pattern="/resources/**" filters="none" /> 
     <intercept-url pattern="/login" access="permitAll"/> 
     <intercept-url pattern="/**" access="isAuthenticated()" /> 
     <form-login login-page="/login"/> 
     <logout invalidate-session="true" 
       logout-success-url="/" 
       logout-url="/logout"/> 
     <remember-me key="myApp2" /> 
     <custom-filter before="FORM_LOGIN_FILTER" ref="applicationAuthenticationFilter"/> 
    </http> 

    <beans:bean id="applicationAuthenticationFilter" class="com.myApp.security.DmxAuthenticationFilter"> 
     <beans:property name="authenticationManager" ref="authenticationManager"/> 
     <beans:property name="authenticationFailureHandler" ref="failureHandler"/> 
     <beans:property name="authenticationSuccessHandler" ref="successHandler"/> 
     <beans:property name="authenticationMethod" value="${authenticationMethod}"/> 
    </beans:bean> 

    <beans:bean id="successHandler" 
     class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"> 
     <beans:property name="defaultTargetUrl" value="/home"/> 
     <beans:property name="alwaysUseDefaultTargetUrl" value="true"/> 
    </beans:bean> 

    <beans:bean id="failureHandler" 
     class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> 
     <beans:property name="defaultFailureUrl" value="/login?login_error=1"/> 
    </beans:bean> 

    <beans:bean id="accessControlService" class="com.myApp.services.AccessControlService"/> 
    <beans:bean id="userService" class="com.myApp.services.UserService"/> 
    <beans:bean id="roleService" class="com.myApp.services.RoleService"/> 
    <beans:bean id="lookupService" class="com.myApp.services.LookupService"/> 

    <beans:bean id= "userDetailsService" class="com.myApp.security.DmxUsersDetailsServiceImpl"> 
     <beans:property name="accessControlService" ref="accessControlService"/> 
    </beans:bean> 

    <beans:bean id="databaseAuthenticationProvider" class="com.myApp.security.DmxAuthenticationProvider"> 
     <beans:property name="userDetailsService" ref="userDetailsService"/> 
     <!-- <beans:property name="hideUserNotFoundExceptions" value="false"/> --> 
    </beans:bean> 

    <!-- ================ LDAP configuration STARTS here ================ --> 

    <beans:bean id="ldapServer" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"> 
     <beans:constructor-arg value="${ldap.url}"/> 
     <beans:property name="userDn" value="${ldap.userDn}"/> 
     <beans:property name="password" value="${ldap.password}"/> 
     <!-- 
     <beans:property name="baseEnvironmentProperties"> 
      <beans:map> 
       <beans:entry key="java.naming.referral" value="follow" /> 
      </beans:map> 
     </beans:property> 
     --> 
    </beans:bean> 

    <beans:bean id="ldapSearchBean" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"> 
     <beans:constructor-arg value="${ldap.userSearchBase}"/> 
     <beans:constructor-arg value="${ldap.userSearchFilter}"/> 
     <beans:constructor-arg ref="ldapServer"/> 
    </beans:bean> 

    <beans:bean id="ldapAuthenticationProvider" class="com.myApp.security.DmxLdapAuthenticationProvider"> 
     <beans:constructor-arg ref="ldapBindAuthenticator"/> 
     <beans:constructor-arg ref="ldapAuthoritiesPopulator"/> 
     <beans:property name="userDetailsContextMapper" ref="ldapUserDetailsContextMapper"/> 
    </beans:bean> 

    <beans:bean id="ldapBindAuthenticator" class="org.springframework.security.ldap.authentication.BindAuthenticator"> 
     <beans:constructor-arg ref="ldapServer"/> 
     <beans:property name="userSearch" ref="ldapSearchBean"/> 
    </beans:bean> 

    <beans:bean id="ldapAuthoritiesPopulator" class="com.myApp.security.DmxLdapAuthoritiesPopulator"> 
     <beans:constructor-arg ref="ldapServer" /> 
     <beans:constructor-arg value="" /> 
     <beans:property name="groupSearchFilter" value="${ldap.groupSearchFilter}"/> 
     <beans:property name="groupRoleAttribute" value="${ldap.groupRoleAttribute}" /> 
     <beans:property name="rolePrefix" value=""/> 
     <beans:property name="searchSubtree" value="true"/> 
     <beans:property name="convertToUpperCase" value="false"/> 
     <beans:property name="ldapTemplate" ref="ldapTemplate"/> 
    </beans:bean> 

    <beans:bean id= "dmxUsersMapper" class="com.myApp.security.DmxUsersMapper"> 
     <beans:property name="accessControlService" ref="accessControlService"/> 
     <beans:property name="userService" ref="userService"/> 
     <beans:property name="roleService" ref="roleService"/> 
     <beans:property name="lookupService" ref="lookupService"/> 
     <beans:property name="organizationUname" value="${organizationUname}"/> 
     <beans:property name="companyUname" value="${companyUname}"/> 
     <beans:property name="ldapUsername" value="${ldap.db.userName}"/> 
     <beans:property name="password" value="${ldap.db.password}"/> 
    </beans:bean>  

    <beans:bean class="com.myApp.security.DmxLdapUserDetailsMapper" id="ldapUserDetailsContextMapper"> 
     <beans:property name="dmxUsersMapper" ref="dmxUsersMapper"/> 
    </beans:bean> 

    <beans:bean id="ldapTemplate" class="org.springframework.security.ldap.SpringSecurityLdapTemplate"> 
     <beans:constructor-arg ref="ldapServer" /> 
     <beans:property name="ignorePartialResultException" value="true"/> 
    </beans:bean> 

    <!-- ================ LDAP configuration ENDS here ================ --> 

    <authentication-manager alias="authenticationManager"> 
     <authentication-provider ref="databaseAuthenticationProvider" /> 
     <authentication-provider ref="ldapAuthenticationProvider"/> 
    </authentication-manager> 

    <beans:bean id="messageSource" 
     class="org.springframework.context.support.ResourceBundleMessageSource"> 
     <beans:property name="basenames"> 
      <beans:list> 
       <beans:value>com/myApp/resourceBundles/SecurityMessages</beans:value> 
      </beans:list> 
     </beans:property>    
    </beans:bean> 

</beans:beans>

以下是我的登錄頁面。

<form action="j_dmx_security_filter" method="post"> 
    <table border="0" class="section_tbl2"> 
     <tr> 
      <td><label for="j_organization">Organization</label> </td> 
      <td> : </td> 
      <td><input id="j_organization" name="j_organization" size="20" maxlength="50" 
         type="text" class="txtinput"/></td> 
     </tr> 

     <tr> 
      <td> <label for="j_company">Company</label></td> 
      <td> : </td> 
      <td> <input id="j_company" name="j_company" size="20" maxlength="50" 
         type="text" class="txtinput"/></td> 
     </tr> 
     <tr> 
      <td><label for="j_username">Username</label> </td> 
      <td> : </td> 
      <td><input id="j_username" name="j_username" size="20" maxlength="50" 
         type="text" class="txtinput"/></td> 
     </tr> 
     <tr> 
      <td><label for="j_password">Password</label> </td> 
      <td> : </td> 
      <td><input id="j_password" name="j_password" size="20" maxlength="50" 
         type="password" class="txtinput"/></td> 
     </tr> 
     <tr> 
      <td></td> 
      <td></td> 
      <td> <input type="submit" value="Login"/></td> 
     </tr> 
     <tr> 
      <td></td> 
      <td></td> 
      <td> <input id="_spring_security_remember_me" name="_spring_security_ 
         remember_me" type="checkbox" value="true"/> 
       <label for="_spring_security_remember_me">Remember Me?</label></td> 
     </tr> 
    </table> 
</form>

記住我記號本身沒有被創建。

請幫忙。

來源

2011-11-22 ashishjmeshram

+0

有人嗎?沒有想法? :( – ashishjmeshram

+0

其中是您的RememberMe的相關Bean定義,例如 – OhadR

回答

1

爲了幫助,您的RememberMe的相關Bean定義在哪裏?如

<bean id="rememberMeServices" class= 
     "org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices"> 
    <property name="userDetailsService" ref="jpaUserDetailsService"/> 
    <property name="key" value="89dqj219dn910lsAc12"/> 
</bean> 

<bean id="rememberMeAuthenticationProvider" class= 
     "org.springframework.security.authentication.RememberMeAuthenticationProvider"> 
    <property name="key" value="89dqj219dn910lsAc12"/> 
</bean>

(這是太長,寫成評論,所以我寫了它作爲一個「答案」 ...對不起)

來源

2012-07-31 11:29:48 OhadR

1

在春季安全他們提供了2種使用rememberMe服務的方式。

  1. 在rememberMeService定義中,設置屬性alwaysRememberMe爲true。在這種情況下,無論何時第一次用戶嘗試訪問安全URL時,都會進入登錄頁面。一旦用戶使用正確的用戶名和密碼登錄後,在登出之後它不會要求您登錄。

  2. 在登錄頁面中添加記住我的複選框,名稱爲「_spring_security_remember_me」,值爲「true」。在這種情況下,當用戶選擇記住我複選框時,只有它才能訪問安全的URL,無需登錄頁面,直到您註銷。

它的工作對我來說..

來源

2012-10-20 17:42:28 Vishnu

0

這是我如何做,它的工作....工作代碼完整的範例可HERE

<security:http use-expressions='true'> 
    <security:intercept-url pattern="/protected" access="isAuthenticated()"/> 
    <security:intercept-url pattern="/**" access="permitAll"/> 
    <security:form-login login-page="/login" authentication-failure-url="/login?login_error=1" /> 
    <security:logout logout-url="/j_spring_security_logout" /> 
    <security:remember-me services-ref="rememberMeServices" key="testKeyForBlog" /> 
</security:http> 

<bean id="rememberMeServices" 
     class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices"> 
    <property name="tokenRepository" ref="customTokenRepository" /> 
    <property name="userDetailsService" ref="userDetailsService" /> 
    <property name="key" value="testKeyForBlog" /> 
</bean>

來源

2013-04-17 04:47:37

+0

這裏是什麼'customTokenRepository'? –

0

你必須使用rememberMeService和傳遞給你的應用程序身份驗證篩選器

rememberMeSevice將會像

<beans:bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices"> 
    <beans:property name="userDetailsService" ref="userDetailsService" /> 
    <beans:property name="key" value="myApp2" /> 
</beans:bean>

您的身份驗證將

<beans:bean id="applicationAuthenticationFilter" class="com.myApp.security.DmxAuthenticationFilter"> 
     <beans:property name="authenticationManager" ref="authenticationManager"/> 
     <beans:property name="rememberMeServices" ref="rememberMeServices" /> 
     <beans:property name="authenticationFailureHandler" ref="failureHandler"/> 
     <beans:property name="authenticationSuccessHandler" ref="successHandler"/> 
     <beans:property name="authenticationMethod" value="${authenticationMethod}"/> 
    </beans:bean>

這應該工作

來源

2013-04-19 06:29:18 noushy

相關問題

 相關問題