Spring Security "remember me" redirects to login

Tags: spring, primefaces, spring-security, remember-me

I am trying to implement remember-me functionality in my webapp with Spring Security. The cookie is set correctly (I have seen it in the browser) and is recognized by the server (my application finds the user in the database), but I am always redirected to the login page. Can anyone help me?

My security configuration is:

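import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.RememberMeAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;

public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    CustomAuthenticationProvider customAuthenticationProvider;

    // Created with the same key as the remember-me services below;
    // not referenced anywhere else in this class.
    RememberMeAuthenticationProvider rememberMeAuthenticationProvider = new RememberMeAuthenticationProvider(
            "OTRS_KEY");

    // Only the custom provider is registered with the authentication manager.
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.authenticationProvider(customAuthenticationProvider);
    }

    // These paths bypass the Spring Security filter chain entirely.
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.debug(true)
                .ignoring()
                .antMatchers("/unsec/**", "/resources/**", "/css/**",
                        "/images/**", "/design/**", "/javax.faces.resource/**",
                        "/syntaxhighlighter/**");
    }

    /*
     * JSF 1.2/2.0/2.1/2.2 has implicit CSRF protection when h:form is submitted
     * with a POST request. This is because the javax.faces.ViewState hidden
     * field contains a sufficiently random token. JSF 2.2 adds CSRF protection
     * to HTTP GET by allowing the developer to specify protected-views in the
     * WEB-INF/faces-config.xml descriptor. URLs that invoke the JSF lifecycle
     * via HTTP GET must have the new javax.faces.Token URL parameter. For more
     * information, see the tutorial titled Java EE 7: Implementing CSRF
     * Protection with JSF 2.2.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().headers().frameOptions().disable().formLogin()
                .loginProcessingUrl("/j_spring_security_check")
                .usernameParameter("j_username")
                .passwordParameter("j_password")
                .loginPage("/unsec/secureLogin.jsf")
                .defaultSuccessUrl("/sec/home.jsf")
                .failureUrl("/unsec/secureLogin.jsf").and().rememberMe()
                .rememberMeServices(tokenBasedRememberMeServices()).and()
                .authorizeRequests().antMatchers("/unsec/**").permitAll()
                .antMatchers("/sec/**").authenticated().and().logout()
                .deleteCookies("JSESSIONID", "OTRS_REMEMBER");
    }

    // NoOpPasswordEncoder stores and compares passwords in plain text.
    @Bean
    public PasswordEncoder passwordEncoder() {
        // return new BCryptPasswordEncoder();
        return NoOpPasswordEncoder.getInstance();
    }

    // Remember-me cookie "OTRS_REMEMBER", signed with "OTRS_KEY", valid for 7200 seconds.
    private TokenBasedRememberMeServices tokenBasedRememberMeServices() {
        TokenBasedRememberMeServices t = new TokenBasedRememberMeServices(
                "OTRS_KEY", customAuthenticationProvider.getIdentitiesService());
        t.setParameter("_spring_security_remember_me_input");
        t.setAlwaysRemember(true);
        t.setCookieName("OTRS_REMEMBER");
        t.setTokenValiditySeconds(7200);
        return t;
    }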
}

What do the two have to do with each other? (Other than "I am using it")

Because the Spring Security filters take part in the PrimeFaces and JSF lifecycle