Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/spring/12.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Spring “春季安全”;“记住我”;重定向到登录_Spring_Primefaces_Spring Security_Remember Me - Fatal编程技术网
Fatal编程技术网
  • spring/
  • Spring “春季安全”;“记住我”;重定向到登录

Spring “春季安全”;“记住我”;重定向到登录

spring primefaces spring-security

Spring “春季安全”;“记住我”;重定向到登录,spring,primefaces,spring-security,remember-me,Spring,Primefaces,Spring Security,Remember Me,我正试图用Spring Security在我的webapp中实现记住我的功能。cookie是正确建立的(我在浏览器中看到过),并被服务器识别(我的应用程序在bbdd中找到用户),但我总是被重定向到登录页面。有人能帮我吗 我的安全配置是: public class SecurityConfiguration extends WebSecurityConfigurerAdapter { @Autowired CustomAuthenticationProvider customAuthentica

我正试图用Spring Security在我的webapp中实现记住我的功能。cookie是正确建立的(我在浏览器中看到过),并被服务器识别(我的应用程序在bbdd中找到用户),但我总是被重定向到登录页面。有人能帮我吗

我的安全配置是:

public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

@Autowired
CustomAuthenticationProvider customAuthenticationProvider;
RememberMeAuthenticationProvider rememberMeAuthenticationProvider = new RememberMeAuthenticationProvider(
        "OTRS_KEY");

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
        throws Exception {
    auth.authenticationProvider(customAuthenticationProvider);
}

@Override
public void configure(WebSecurity web) throws Exception {
    web.debug(true)
            .ignoring()
            .antMatchers("/unsec/**", "/resources/**", "/css/**",
                    "/images/**", "/design/**", "/javax.faces.resource/**",
                    "/syntaxhighlighter/**");
}

/*
 * JSF 1.2/2.0/2.1/2.2 has implicit CSRF protection when h:form is submitted
 * with a POST request. This is because the javax.faces.ViewState hidden
 * field contains a sufficiently random token. JSF 2.2 adds CSRF protection
 * to HTTP GET by allowing the developer to specify protected-views in the
 * WEB-INF/faces-config.xml descriptor. URLs that invoke the JSF lifecycle
 * via HTTP GET must have the new javax.faces.Token URL parameter. For more
 * information, see the tutorial titled Java EE 7: Implementing CSRF
 * Protection with JSF 2.2.
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().headers().frameOptions().disable().formLogin()
            .loginProcessingUrl("/j_spring_security_check")
            .usernameParameter("j_username")
            .passwordParameter("j_password")
            .loginPage("/unsec/secureLogin.jsf")
            .defaultSuccessUrl("/sec/home.jsf")
            .failureUrl("/unsec/secureLogin.jsf").and().rememberMe()
            .rememberMeServices(tokenBasedRememberMeServices()).and()
            .authorizeRequests().antMatchers("/unsec/**").permitAll()
            .antMatchers("/sec/**").authenticated().and().logout()
            .deleteCookies("JSESSIONID", "OTRS_REMEMBER");

}

@Bean
public PasswordEncoder passwordEncoder() {
    // return new BCryptPasswordEncoder();
    return NoOpPasswordEncoder.getInstance();
}

private TokenBasedRememberMeServices tokenBasedRememberMeServices() {
    TokenBasedRememberMeServices t = new TokenBasedRememberMeServices(
            "OTRS_KEY", satecAuthenticationProvider.getIdentitiesService());
    t.setParameter("_spring_security_remember_me_input");
    t.setAlwaysRemember(true);
    t.setCookieName("OTRS_REMEMBER");
    t.setTokenValiditySeconds(7200);
    return t;
}
}

这两者有什么关系?(除了“我正在使用它”)因为Spring安全过滤器在Primefaces和JSF生命周期中起作用