Spring Security 使用 PersistentTokenBasedRememberMeServices 记住我

如何解决Spring Security 使用 PersistentTokenBasedRememberMeServices 记住我

我只为 PersistentTokenBasedRememberMeServices 类创建了 bean

    public RememberMeAuthenticationFilter rememberMeFilter() throws Exception
    {
        RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(authenticationManager(),rememberMeServices());
        return filter;
    }

    @Bean
    public SecurityRememberMeServices rememberMeServices()
    {
        SecurityRememberMeServices secRemmeSvc = new SecurityRememberMeServices(Constants.REMEMBER_ME_KEY,userDetailsService(),tokenRepository(),rootConfig.userDetailDBQueryExecutor());
        secRemmeSvc.setParameter(Constants.REMEMBER_ME_ParaMETER);
        secRemmeSvc.setTokenValiditySeconds(Constants.TOKEN_VALIDITY_SECONDS);
        logger.debug("### $$$ Token Validity: " + Constants.TOKEN_VALIDITY_SECONDS);
        return secRemmeSvc;
    }

    @Bean
    public PersistentTokenRepository tokenRepository()
    {
        JdbcTokenRepositoryImpl jdbcTokenRepo = new JdbcTokenRepositoryImpl();
        jdbcTokenRepo.setDataSource(rootConfig.dataSource());
        return jdbcTokenRepo;
    }

    @Bean
    public UserDetailsService userDetailsService()
    {
        SecurityUserDetailsService userDetailsService = new SecurityUserDetailsService();
        userDetailsService.setUserDao(rootConfig.userDao());
        return userDetailsService;
    }



SecurityRememberMeServices :

public class SecurityRememberMeServices extends 
PersistentTokenBasedRememberMeServices
{
  public SecurityRememberMeServices(String key,UserDetailsService userDetailsService,PersistentTokenRepository tokenRepository,UserDetailDBQueryExecutor userDetailDBQueryExecutor)
    {
        super(key,userDetailsService,tokenRepository);
    }

    @Override
    protected boolean rememberMeRequested(HttpServletRequest request,String parameter)
    {
        logger.debug("### Remember Requests: " + parameter);
        return super.rememberMeRequested(request,parameter);
    }

    @Override
    protected void onLoginSuccess(HttpServletRequest request,HttpServletResponse response,Authentication successfulAuthentication)
    {

      logger.debug("### Remember Me Login Success: " + (UserPrincipal) 
      successfulAuthentication.getPrincipal());
      super.onLoginSuccess(request,response,successfulAuthentication);
    }

    @Override
    protected UserDetails processAutoLoginCookie(String[] cookietokens,HttpServletRequest request,HttpServletResponse response)
    {
      String userName = token.getUsername();
      logger.debug("username"+userName );

     return super.processAutoLoginCookie(cookietokens,request,response);
    }

   @Override
    public void logout(HttpServletRequest request,Authentication authentication)
    {

        String username = authentication.getName();
        logger.debug("### To remove persistent login for user " + username);
        super.logout(request,authentication);
    }


}

在登录过程中，它可以通过调用正常工作

PersistentTokenBasedRememberMeServices.onLoginSuccess(...) 被调用并生成一个令牌并存储在数据库中

在调用 logout 时，它应该调用 PersistentTokenBasedRememberMeServices.logout(..) 方法来删​​除之前在数据库中创建的所有令牌，但它实际上在该方法上调用 TokenBasedRememberMeServices.logout(..) 仅会话无效并且令牌是无效而不是删除该用户名的令牌

任何人都可以帮助解决这个问题

版权声明：本文内容由互联网用户自发贡献，该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容， 请发送邮件至 dio@foxmail.com 举报，一经查实，本站将立刻删除。