在 Spring 3.1 中使用记住我的功能登录用户 [英] Log user in with remember-me functionality in Spring 3.1

问题描述

我目前以编程方式登录用户(例如当他们通过 Facebook 或其他方式而不是使用我的登录表单登录时):

I currently log users in programmatically (like when they login through Facebook or other means than using my login form) with:

SecurityContextHolder.getContext().setAuthentication(
  new UsernamePasswordAuthenticationToken(user, "", authorities)
);

我想做的是让用户登录，就像他们在登录表单中设置了记住我"选项一样.所以我猜我需要使用 RememberMeAuthenticationToken 而不是 UsernamePasswordAuthenticationToken?但是我为构造函数的 key 参数放了什么?

What I want to do instead is log the user in as if they set the remember-me option on in the login form. So I'm guessing I need to use the RememberMeAuthenticationToken instead of the UsernamePasswordAuthenticationToken? But what do I put for the key argument of the constructor?

RememberMeAuthenticationToken(String key, Object principal, Collection<? extends GrantedAuthority> authorities) 

更新:我正在使用 此处描述的持久令牌方法.所以没有像 Simple Hash-Based Token Approach 那样的键.

UPDATE: I'm using the Persistent Token Approach described here. So there is no key like in the Simple Hash-Based Token Approach.

推荐答案

我假设你已经在你的配置中设置了 .

I assume you already have <remember-me> set in your configuration.

remember-me 的工作方式是设置一个 cookie，当用户在会话过期后返回站点时，该 cookie 会被识别.

The way remember-me works is it sets a cookie that is recognized when the user comes back to the site after their session has expired.

您必须子类化您正在使用的 RememberMeServices(TokenBased 或 PersistentTokenBased)并使 onLoginSuccess() 公开.例如:

You'll have to subclass the RememberMeServices (TokenBased or PersistentTokenBased) you are using and make the onLoginSuccess() public. For example:

public class MyTokenBasedRememberMeServices extends PersistentTokenBasedRememberMeServices {
    @Override
    public void onLoginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication) {
        super.onLoginSuccess(request, response, successfulAuthentication);
    }   
} 

<remember-me services-ref="rememberMeServices"/>

<bean id="rememberMeServices" class="foo.MyTokenBasedRememberMeServices">
    <property name="userDetailsService" ref="myUserDetailsService"/>
    <!-- etc -->
</bean>

将您的 RememberMeServices 注入到您进行程序化登录的 bean 中.然后使用您创建的 UsernamePasswordAuthenticationToken 对其调用 onLoginSuccess().这将设置 cookie.

Inject your RememberMeServices into the bean where you are doing the programmatic login. Then call onLoginSuccess() on it, using the UsernamePasswordAuthenticationToken that you created. That will set the cookie.

UsernamePasswordAuthenticationToken auth = 
    new UsernamePasswordAuthenticationToken(user, "", authorities);
SecurityContextHolder.getContext().setAuthentication(auth);
getRememberMeServices().onLoginSuccess(request, response, auth);  

更新

@at 对此进行了改进，没有 RememberMeServices:

@at improved upon this, with no subclassing of RememberMeServices:

UsernamePasswordAuthenticationToken auth = 
    new UsernamePasswordAuthenticationToken(user, "", authorities);
SecurityContextHolder.getContext().setAuthentication(auth);

// This wrapper is important, it causes the RememberMeService to see
// "true" for the "_spring_security_remember_me" parameter.
HttpServletRequestWrapper wrapper = new HttpServletRequestWrapper(request) {
    @Override public String getParameter(String name) { return "true"; }            
};

getRememberMeServices().loginSuccess(wrapper, response, auth);  

这篇关于在 Spring 3.1 中使用记住我的功能登录用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！