没有Spring安全性记住我以编程方式登录时创建的cookie [英] No Spring Security Remember me cookie created when logging in programmatically

问题描述

注册后（注册）我通过Spring Security以编程方式登录我的用户：

Right after registration (sign up) I'm logging in my user programmatically via Spring Security:

public register(HttpServletRequest request, String user, String password) {
    ...
    request.login(user, password);
}

这样可行，但它不会创建记住我的cookie（虽然通过交互式登录可以很好地创建cookie。


现在我读了这个和这个答案，您必须连接 RememberMeServices 的实现（我使用 PersistentTokenBasedRememberMeServices ）然后调用 onLoginSuccess 。我没有成功自动装载 PersistentTokenBasedRememberMeServices 。


如何使这项工作？这是正确的方法吗？为什么Spring Security不提供更方便的方式？

This works fine, but it doesn't create the remember-me cookie (although with interactive login the cookie is created fine).

Now I've read in this and this answer, that you have to wire in the implementation of RememberMeServices (I use PersistentTokenBasedRememberMeServices) and then call onLoginSuccess. I haven't been successful to autowire PersistentTokenBasedRememberMeServices.

How to make this work? Is this the right way? Why Spring Security doesn't offer a more convenient way?

PS：这是我配置的摘录：

P.S.: This is an excerpt from my configuration:

@Configuration
@EnableWebSecurity
public class WebSecConf extends WebSecurityConfigurerAdapter {

    ...

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
            .rememberMe()
                .tokenRepository(new MyPersistentTokenRepository())
                .rememberMeCookieName("rememberme")
                .tokenValiditySeconds(60 * 60 * 24) 
                .alwaysRemember(true)
                .useSecureCookie(true)
                .and()
            ....
       ...
    }
}

推荐答案

<你没有提到Spring版本。下面的配置适用于Spring 4，但您可以将其修改为其他版本。在 WebSecConf 类autowire PersistentTokenRepository 和 UserDetailsS​​ervice 接口。添加Bean以获取 PersistentTokenBasedRememberMeServices 实例。

You didn't mention the Spring version. Below configuration will work with Spring 4 but you can modify it for other version. In your WebSecConf class autowire PersistentTokenRepository and UserDetailsService interfaces. Add Bean to get PersistentTokenBasedRememberMeServices instance.

@Configuration
@EnableWebSecurity
public class WebSecConf extends WebSecurityConfigurerAdapter {

@Autowired
PersistentTokenRepository persistenceTokenRepository;
@Autowired
UserDetailsService userDetailsService;
    ...

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
            .rememberMe()
                .tokenRepository(persistenceTokenRepository)
                .rememberMeCookieName("rememberme")
                .tokenValiditySeconds(60 * 60 * 24) 
                .alwaysRemember(true)
                .useSecureCookie(true)
                .and()
            ....
       ...
    }

@Bean
public PersistentTokenBasedRememberMeServices getPersistentTokenBasedRememberMeServices() {
    PersistentTokenBasedRememberMeServices persistenceTokenBasedservice = new PersistentTokenBasedRememberMeServices("rememberme", userDetailsService, persistenceTokenRepository);
    persistenceTokenBasedservice.setAlwaysRemember(true);
    return persistenceTokenBasedservice;
  }
}

现在在您正在进行程序化的Controller或类中login，autowire PersistentTokenBasedRememberMeServices 并在方法中添加以下代码以调用 loginSuccess 方法。

Now in your Controller or class where you are doing programmatic login, autowire PersistentTokenBasedRememberMeServices and add below code inside the method to invoke loginSuccess method.

@Autowired
PersistentTokenBasedRememberMeServices persistentTokenBasedRememberMeServices;

Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    if (auth != null){
        persistentTokenBasedRememberMeServices.loginSuccess(request, response, auth);
    }

这篇关于没有Spring安全性记住我以编程方式登录时创建的cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！