Log user in with remember-me functionality in Spring 3.1

Problem description

I currently log users in programmatically (like when they log in through Facebook or other means than using my login form) with:

SecurityContextHolder.getContext().setAuthentication(
  new UsernamePasswordAuthenticationToken(user, "", authorities)
);

What I want to do instead is log the user in as if they set the remember-me option on in the login form. So I'm guessing I need to use the RememberMeAuthenticationToken instead of the UsernamePasswordAuthenticationToken? But what do I put for the key argument of the constructor?

RememberMeAuthenticationToken(String key, Object principal, Collection<? extends GrantedAuthority> authorities) 

UPDATE: I'm using the Persistent Token Approach described here. So there is no key like in the Simple Hash-Based Token Approach.

Recommended answer

I assume you already have <remember-me> set in your configuration.

The way remember-me works is it sets a cookie that is recognized when the user comes back to the site after their session has expired.

You'll have to subclass the RememberMeServices (TokenBased or PersistentTokenBased) you are using and make the onLoginSuccess() public. For example:

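import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;

public class MyTokenBasedRememberMeServices extends PersistentTokenBasedRememberMeServices {
    // Widens the protected onLoginSuccess() to public so other beans can call it.
    @Override
    public void onLoginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication) {
        super.onLoginSuccess(request, response, successfulAuthentication);
    }
}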

<remember-me services-ref="rememberMeServices"/>

<bean id="rememberMeServices" class="foo.MyTokenBasedRememberMeServices">
    <property name="userDetailsService" ref="myUserDetailsService"/>
    <!-- etc -->
</bean>

Inject your RememberMeServices into the bean where you are doing the programmatic login. Then call onLoginSuccess() on it, using the UsernamePasswordAuthenticationToken that you created. That will set the cookie.

UsernamePasswordAuthenticationToken auth = 
    new UsernamePasswordAuthenticationToken(user, "", authorities);
SecurityContextHolder.getContext().setAuthentication(auth);
getRememberMeServices().onLoginSuccess(request, response, auth);  

Update

@at improved upon this, with no subclassing of RememberMeServices:

UsernamePasswordAuthenticationToken auth = 
    new UsernamePasswordAuthenticationToken(user, "", authorities);
SecurityContextHolder.getContext().setAuthentication(auth);

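// This wrapper is important, it causes the RememberMeService to see
// "true" for the "_spring_security_remember_me" parameter. Every other
// parameter is passed through to the original request unchanged.
HttpServletRequestWrapper wrapper = new HttpServletRequestWrapper(request) {
    @Override public String getParameter(String name) {
        return "_spring_security_remember_me".equals(name) ? "true" : super.getParameter(name);
    }
};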

getRememberMeServices().loginSuccess(wrapper, response, auth);  
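
The persistent token approach named in the question, as an added example that is not part of the original posts and is not Spring Security's code: a simplified in-memory model of what the remember-me cookie carries after a programmatic login and how it is checked on a later visit. It goes beyond the text above; the class, its method names and the user name are hypothetical, and the cookie is shown as plain `series:token` without Spring's encoding.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Simplified model of the persistent-token scheme (hypothetical names, constructed data).
public class PersistentTokenModel {
    private static final SecureRandom RNG = new SecureRandom();
    // series -> {username, current token}; a real deployment keeps this in a database table.
    private final Map<String, String[]> store = new HashMap<>();

    private static String random() {
        byte[] b = new byte[16];
        RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    // At login: create a new series and token, return the cookie value.
    public String issue(String username) {
        String series = random(), token = random();
        store.put(series, new String[] {username, token});
        return series + ":" + token;
    }

    // On a request with a cookie but no session: returns the rotated cookie, or null if rejected.
    public String autoLogin(String cookie) {
        String[] parts = cookie.split(":", 2);
        if (parts.length != 2) return null;
        String[] row = store.get(parts[0]);
        if (row == null) return null;                  // unknown series
        if (!MessageDigest.isEqual(row[1].getBytes(), parts[1].getBytes())) {
            // Known series with a stale token: treat as a copied cookie, revoke all of the user's tokens.
            String user = row[0];
            store.values().removeIf(r -> r[0].equals(user));
            return null;
        }
        row[1] = random();                             // same series, new token on every use
        return parts[0] + ":" + row[1];
    }

    public static void main(String[] args) {
        PersistentTokenModel m = new PersistentTokenModel();
        String c1 = m.issue("alice");                  // cookie set at programmatic login
        String c2 = m.autoLogin(c1);                   // legitimate return visit
        System.out.println("rotated on use: " + (c2 != null && !c2.equals(c1)));
        System.out.println("replayed old cookie accepted: " + (m.autoLogin(c1) != null));
        System.out.println("current cookie accepted after revocation: " + (m.autoLogin(c2) != null));
    }
}
```

Because the cookie is a long-lived credential, the server-side rows are what make revocation possible: deleting a user's rows invalidates every remember-me cookie issued to that account.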
