Spring Security记住我重新登录失败_Spring_Spring Mvc_Spring Security

Spring Security记住我重新登录失败

spring spring-mvc spring-security

Spring Security记住我重新登录失败,spring,spring-mvc,spring-security,Spring,Spring Mvc,Spring Security,我试图创建基于持久令牌方法特性的记住我。作为我的数据源，我有mongoDB。为了将令牌存储在as集合中，我重写了PersistentTokenRepository类，看起来还可以，但在重新打开浏览器时无法登录。我使用mongoDB来存储令牌，但所有db层函数都可以按预期工作，这应该不是问题我的spring安全配置如下所示： <security:global-method-security secured-annotations="enabled" /> <security:

我试图创建基于持久令牌方法特性的记住我。作为我的数据源，我有mongoDB。为了将令牌存储在as集合中，我重写了PersistentTokenRepository类，看起来还可以，但在重新打开浏览器时无法登录。我使用mongoDB来存储令牌，但所有db层函数都可以按预期工作，这应该不是问题

我的spring安全配置如下所示：

<security:global-method-security secured-annotations="enabled" />
 <security:http pattern="/login.html" security="none"/>
 <security:http pattern="/signup.html" security="none"/>
  <security:http  auto-config="true" access-denied-page="/accessDenied.jsp">
  <security:form-login login-page="/login.html" login-processing-url="/login" authentication-failure-url="/login.html?login_error=1" default-target-url="/"/> 
  <security:http-basic/>
    <security:intercept-url pattern='/**' access='ROLE_USER' />
  <security:logout logout-url="/logout" logout-success-url="/"/>
  <security:remember-me services-ref="rememberMeServices"/>
    </security:http>

<bean id="userPassAuthFilterBeanPostProcessor"
    class="com.mytwitter.web.security.UserPassAuthFilterBeanPostProcessor">
    <property name="usernameParameter" value="username" />
    <property name="passwordParameter" value="password" />
</bean> 

<bean id="LoginUrlAuthenticationEntryPoint"
  class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
  <property name="loginFormUrl" value="/login" />
</bean>

<bean id="daoAuthenticationProvider"
 class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
  <property name="userDetailsService" ref="userDetailsService"/>
</bean>

<bean id="authenticationManager"
    class="org.springframework.security.authentication.ProviderManager">
  <property name="providers">
    <list>
      <ref local="daoAuthenticationProvider" />
    </list>
  </property>
</bean>

<security:authentication-manager alias="authManager">
  <security:authentication-provider user-service-ref="userDetailsService">
    <security:password-encoder hash="md5"/>
  </security:authentication-provider>
</security:authentication-manager>

<bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
      <property name="tokenRepository" ref="myTokenRepository" />
      <property name="userDetailsService" ref="userDetailsService" />
      <property name="key" value="myRememberMeKey" />
      <property name="alwaysRemember" value="true" />
 </bean>
 <bean id="myTokenRepository" class="com.mytwitter.web.security.MyTokenRepository">
  </bean>

我错过了什么？

今天，在我重新启动笔记本电脑并启动tomcat+eclipse之后，它工作正常，没有出现任何错误。我对这种行为感到很困惑，但上帝给了我勇气去接受我无法理解的事情，但我相信这与这个网站的旧cookies有关。现在，当所有令牌都过期时，它可以正常工作。

尝试在验证令牌的方法中设置断点。已经设置了。令牌哈希键不一样，但我不知道为什么。也许你应该发布计算哈希的代码，以及导入信息，说明哈希不一样equal@Ralph，今天，在我重新启动笔记本电脑并启动tomcat+eclipse之后，它工作正常，没有出现错误。我对这种行为感到很困惑，但上帝给了我勇气去接受我无法理解的事情，但我相信这与这个网站的旧cookies有关。现在，当它们全部过期时，它就可以正常工作了。

2012-02-05 00:33:54,374 DEBUG [http-bio-8080-exec-7] org.springframework.security.web.FilterChainProxy - /index.jsp at position 7 of 11 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter' - 287265 
2012-02-05 00:33:59,801 DEBUG [http-bio-8080-exec-7] org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices - Remember-me cookie detected - 292692 
getting Token
2012-02-05 00:34:04,829 DEBUG [http-bio-8080-exec-7] org.springframework.data.mongodb.core.MongoTemplate - findOne using query: { "series" : "qhvYe8ZsDX+72ZbeNxSGzQ=="} in db.collection: xxx.rememberMeTokens - 297720 
2012-02-05 00:34:21,471 DEBUG [http-bio-8080-exec-7] org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices - Refreshing persistent login token for user 'aaaa', series 'qhvYe8ZsDX+72ZbeNxSGzQ==' - 314362 
Updating Token
2012-02-05 00:34:23,043 DEBUG [http-bio-8080-exec-7] org.springframework.data.mongodb.core.MongoTemplate - calling update using query: { "series" : "qhvYe8ZsDX+72ZbeNxSGzQ=="} and update: { "$set" : { "token" : "LVBRYo/vjEARdm262UA07g==" , "last_used" : { "$date" : "2012-02-04T22:34:22.333Z"}}} in collection: persistentRememberMeToken - 315934 
2012-02-05 00:34:26,427 DEBUG [http-bio-8080-exec-7] org.springframework.data.mongodb.core.MongoTemplate - findOne using query: { "nickname" : "aaaa"} in db.collection: xxxx.users - 319318 
2012-02-05 00:34:45,623 DEBUG [http-bio-8080-exec-7] org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices - Remember-me cookie accepted - 338514 
2012-02-05 00:36:24,438 DEBUG [http-bio-8080-exec-7] org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.RememberMeAuthenticationProvider - 437329 
2012-02-05 00:36:45,543 DEBUG [http-bio-8080-exec-7] org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter - SecurityContextHolder not populated with remember-me token, as AuthenticationManager rejected Authentication returned by RememberMeServices: 'org.springframework.security.authentication.RememberMeAuthenticationToken@7609e07a: Principal: com.mytwitter.web.security.AuthUser@3214512e; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_USER'; invalidating remember-me token - 458434 
org.springframework.security.authentication.BadCredentialsException: The presented RememberMeAuthenticationToken does not contain the expected key
    at org.springframework.security.authentication.RememberMeAuthenticationProvider.authenticate(RememberMeAuthenticationProvider.java:64)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
    at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:102)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:405)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:964)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:515)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
    at java.lang.Thread.run(Thread.java:679)