如何解决Spring Security 使用 PersistentTokenBasedRememberMeServices 记住我
我只为 PersistentTokenBasedRememberMeServices 类创建了 bean
public RememberMeAuthenticationFilter rememberMeFilter() throws Exception
{
RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(authenticationManager(),rememberMeServices());
return filter;
}
@Bean
public SecurityRememberMeServices rememberMeServices()
{
SecurityRememberMeServices secRemmeSvc = new SecurityRememberMeServices(Constants.REMEMBER_ME_KEY,userDetailsService(),tokenRepository(),rootConfig.userDetailDBQueryExecutor());
secRemmeSvc.setParameter(Constants.REMEMBER_ME_ParaMETER);
secRemmeSvc.setTokenValiditySeconds(Constants.TOKEN_VALIDITY_SECONDS);
logger.debug("### $$$ Token Validity: " + Constants.TOKEN_VALIDITY_SECONDS);
return secRemmeSvc;
}
@Bean
public PersistentTokenRepository tokenRepository()
{
JdbcTokenRepositoryImpl jdbcTokenRepo = new JdbcTokenRepositoryImpl();
jdbcTokenRepo.setDataSource(rootConfig.dataSource());
return jdbcTokenRepo;
}
@Bean
public UserDetailsService userDetailsService()
{
SecurityUserDetailsService userDetailsService = new SecurityUserDetailsService();
userDetailsService.setUserDao(rootConfig.userDao());
return userDetailsService;
}
SecurityRememberMeServices :
public class SecurityRememberMeServices extends
PersistentTokenBasedRememberMeServices
{
public SecurityRememberMeServices(String key,UserDetailsService userDetailsService,PersistentTokenRepository tokenRepository,UserDetailDBQueryExecutor userDetailDBQueryExecutor)
{
super(key,userDetailsService,tokenRepository);
}
@Override
protected boolean rememberMeRequested(HttpServletRequest request,String parameter)
{
logger.debug("### Remember Requests: " + parameter);
return super.rememberMeRequested(request,parameter);
}
@Override
protected void onLoginSuccess(HttpServletRequest request,HttpServletResponse response,Authentication successfulAuthentication)
{
logger.debug("### Remember Me Login Success: " + (UserPrincipal)
successfulAuthentication.getPrincipal());
super.onLoginSuccess(request,response,successfulAuthentication);
}
@Override
protected UserDetails processAutoLoginCookie(String[] cookietokens,HttpServletRequest request,HttpServletResponse response)
{
String userName = token.getUsername();
logger.debug("username"+userName );
return super.processAutoLoginCookie(cookietokens,request,response);
}
@Override
public void logout(HttpServletRequest request,Authentication authentication)
{
String username = authentication.getName();
logger.debug("### To remove persistent login for user " + username);
super.logout(request,authentication);
}
}
PersistentTokenBasedRememberMeServices.onLoginSuccess(...) 被调用并生成一个令牌并存储在数据库中
在调用 logout 时,它应该调用 PersistentTokenBasedRememberMeServices.logout(..) 方法来删除之前在数据库中创建的所有令牌,但它实际上在该方法上调用 TokenBasedRememberMeServices.logout(..) 仅会话无效并且令牌是无效而不是删除该用户名的令牌
任何人都可以帮助解决这个问题
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。