当前位置: 首页 > 知识库问答 >
问题:

如何在spring Security中使用自定义配置的RememmeAuthenticationFilter?

岳泳
2023-03-14

我想在spring security(3.1.0)中使用稍微定制的rememberme功能。

我这样声明rememberme标签:

<security:remember-me key="JNJRMBM" user-service-ref="gymUserDetailService" />

由于我有自己的rememberme服务,我需要将其注入到RememberMeAuthenticationFilter中,我这样定义它:

<bean id="rememberMeFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
    <property name="rememberMeServices" ref="gymRememberMeService"/>
    <property name="authenticationManager" ref="authenticationManager" />
</bean>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

下面是完整的spring-security.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<security:http pattern="/_ui/**" security="none" />
<!-- Default security config -->
<security:http disable-url-rewriting="true">
    <security:anonymous username="anonymous" granted-authority="ROLE_ANONYMOUS" />

    <!-- session stealing is prevented by using secure GUID cookie -->
    <security:session-management session-fixation-protection="none" />

    <!-- SSL / AUTHENTICATED pages -->
    <security:intercept-url pattern="/my-account*" access="ROLE_CUSTOMERGROUP" requires-channel="https" />
    <security:intercept-url pattern="/my-account/**" access="ROLE_CUSTOMERGROUP" requires-channel="https" />

    <!-- SSL / ANONYMOUS pages Login pages need to be SSL, but occur before authentication -->
    <security:intercept-url pattern="/login" requires-channel="https"  />
    <security:intercept-url pattern="/login/**" requires-channel="https" />
    <security:intercept-url pattern="/register" requires-channel="https" />
    <security:intercept-url pattern="/register/**" requires-channel="https" />
    <security:intercept-url pattern="/j_spring_security_check" requires-channel="https" />
    <security:intercept-url pattern="/logout" requires-channel="https" />

    <!-- MiniCart and CartPopup can occur on either secure or insecure pages -->
    <security:intercept-url pattern="/cart/rollover/*" requires-channel="any" />
    <security:intercept-url pattern="/cart/miniCart/*" requires-channel="any" />
    <security:intercept-url pattern="/cart/show" requires-channel="any" />
    <security:intercept-url pattern="/cart/lightboxmybag" requires-channel="any" />
    <security:intercept-url pattern="/cart/remove/*" requires-channel="any" />
    <security:intercept-url pattern="/cart/update/*" requires-channel="any" />
    <security:intercept-url pattern="/cart/getProductSizes/**" requires-channel="any" />
    <security:intercept-url pattern="/cart/getShippingMethods" requires-channel="any" />
    <security:intercept-url pattern="/cart/setShippingMethod" requires-channel="any" />     
    <security:intercept-url pattern="/cart/applyVoucherDiscount" requires-channel="any" />
    <security:intercept-url pattern="/cart/removeVoucherDiscount" requires-channel="any" />

    <security:intercept-url pattern="/checkout/**" requires-channel="https" />

    <!-- product suggest  -->
    <security:intercept-url pattern="/suggest*" requires-channel="any" />

    <!-- cybersource response  -->
    <security:intercept-url pattern="/cybersource/response" requires-channel="any" />
    <security:intercept-url pattern="/cybersource/csResponse" requires-channel="http" />

    <!--  regions -->
    <security:intercept-url pattern="/regions*" requires-channel="any" />
    <security:intercept-url pattern="/regions/*" requires-channel="any" />

    <!-- popup links -->
    <security:intercept-url pattern="/popupLink/*" requires-channel="any" />

    <!--  addresses -->
    <security:intercept-url pattern="/my-addresses*" requires-channel="any" />
    <security:intercept-url pattern="/my-addresses/**" requires-channel="any" />

    <security:intercept-url pattern="/search/autocompleteSecure/**" requires-channel="https" />

    <!-- OPEN / ANONYMOUS pages Run all other (public) pages openly. Note that while credentials are secure, the session id can be sniffed.
        If this is a security concern, then this line should be re-considered -->
    <security:intercept-url pattern="/**" requires-channel="any" method="POST" /> <!-- Allow posts on either secure or insecure -->
    <security:intercept-url pattern="/**" requires-channel="http" /> <!-- Everything else should be insecure -->

    <security:form-login
            login-page="/login"
            authentication-failure-handler-ref="loginAuthenticationFailureHandler" 
            authentication-success-handler-ref="loginGuidAuthenticationSuccessHandler"  />

    <security:logout logout-url="/logout" success-handler-ref="logoutSuccessHandler" />

    <security:port-mappings>
        <security:port-mapping http="#{configurationService.configuration.getProperty('tomcat.http.port')}"
            https="#{configurationService.configuration.getProperty('tomcat.ssl.port')}" />
        <security:port-mapping http="80" https="443" />
        <!--security:port-mapping http="#{configurationService.configuration.getProperty('proxy.http.port')}"
            https="#{configurationService.configuration.getProperty('proxy.ssl.port')}" /-->
    </security:port-mappings>

    <security:request-cache ref="httpSessionRequestCache" />

    <security:remember-me key="JNJRMBM" user-service-ref="gymUserDetailService" />
</security:http>

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="acceleratorAuthenticationProvider" />
</security:authentication-manager>

<bean id="acceleratorAuthenticationProvider" class="org.jnj.storefront.security.AcceleratorAuthenticationProvider"
    scope="tenant">
    <property name="userDetailsService" ref="gymUserDetailService" />
    <property name="adminGroup" value="ROLE_ADMINGROUP"/>
    <property name="userService" ref="userService"/>
    <property name="gymCustomerLoginService" ref="defaultGymCustomerLoginService"/>
</bean>

<bean id="gymUserDetailService" class="org.jnj.storefront.security.services.impl.GymCoreUserDetailsService" scope="tenant">
    <property name="baseDao" ref="asyBaseDao" />
</bean>

<bean id="coreUserDetailsService" class="de.hybris.platform.spring.security.CoreUserDetailsService" scope="tenant" />

<bean id="guidCookieStrategy" class="org.jnj.storefront.security.impl.DefaultGUIDCookieStrategy"
    scope="tenant">
    <property name="cookieGenerator" ref="guidCookieGenerator" />       
</bean>

<alias name="defaultGuidCookieGenerator" alias="guidCookieGenerator"/>
<bean id="defaultGuidCookieGenerator" class="org.jnj.storefront.security.cookie.EnhancedCookieGenerator" scope="tenant">
    <property name="cookieSecure" value="true" />
    <property name="cookieName" value="acceleratorSecureGUID" />        
    <property name="httpOnly" value="false"/>
    <!-- if context allows a httpOnly adjust to true  -->
</bean>

<bean id="autoLoginStrategy" class="org.jnj.storefront.security.impl.DefaultAutoLoginStrategy" scope="tenant">
</bean>

<bean id="httpSessionRequestCache" class="org.jnj.storefront.security.impl.WebHttpSessionRequestCache"
    scope="tenant" />

<bean id="loginUserType" class="org.jnj.storefront.security.impl.LoginUserTypeBean" scope="tenant" />

<bean id="redirectStrategy" class="org.springframework.security.web.DefaultRedirectStrategy" scope="tenant" />

<!-- Login Success Handlers -->

<bean id="loginGuidAuthenticationSuccessHandler" class="org.jnj.storefront.security.GUIDAuthenticationSuccessHandler" scope="tenant">
    <property name="authenticationSuccessHandler" ref="loginAuthenticationSuccessHandler" />
    <property name="guidCookieStrategy" ref="guidCookieStrategy" />
</bean>

<bean id="loginAuthenticationSuccessHandler" class="org.jnj.storefront.security.StorefrontAuthenticationSuccessHandler" scope="tenant">
    <property name="customerFacade" ref="customerFacade" />
    <property name="defaultTargetUrl" value="/my-account"/>
    <property name="useReferer" value="true"/>
    <property name="alwaysUseDefaultTargetUrl" value="false"/>
    <property name="requestCache" ref="httpSessionRequestCache" />
</bean>

<bean id="loginCheckoutGuidAuthenticationSuccessHandler" class="org.jnj.storefront.security.GUIDAuthenticationSuccessHandler" scope="tenant">
    <property name="authenticationSuccessHandler" ref="loginCheckoutAuthenticationSuccessHandler" />
    <property name="guidCookieStrategy" ref="guidCookieStrategy" />
    <property name="defaultGymCartFacade" ref="gymCartFacade"/>
</bean>

<bean id="loginCheckoutAuthenticationSuccessHandler" class="org.jnj.storefront.security.StorefrontAuthenticationSuccessHandler" scope="tenant">
    <property name="customerFacade" ref="customerFacade" />
    <property name="defaultTargetUrl" value="/checkout/single/summary"/>
</bean>

<!-- Login Failure Handlers -->

<bean id="loginAuthenticationFailureHandler" class="org.jnj.storefront.security.LoginAuthenticationFailureHandler">
    <property name="defaultFailureUrl" value="/login?error=auth"/>
    <property name="accountBlockedUrl" value="/login?error=blocked"/>
    <property name="passwordMigrationUrl" value="/login?error=migration"/>
</bean>

<bean id="loginCheckoutAuthenticationFailureHandler" class="org.jnj.storefront.security.LoginAuthenticationFailureHandler">
    <property name="defaultFailureUrl" value="/login/checkout?error=auth"/>     
    <property name="accountBlockedUrl" value="/login/checkout?error=blocked"/>
    <property name="passwordMigrationUrl" value="/login/checkout?error=migration"/>     
</bean>


<!-- Logout Success Handler -->

<bean id="logoutSuccessHandler" class="org.jnj.storefront.security.StorefrontLogoutSuccessHandler" scope="tenant">
    <property name="defaultTargetUrl" value="/?logout=true"/>
    <property name="guidCookieStrategy" ref="guidCookieStrategy"/>
    <property name="cmsSiteService" ref="cmsSiteService"/>
</bean>

<bean id="gymRememberMeService" class="org.jnj.storefront.security.cookie.DefaultRememberMeService" scope="tenant">
    <property name="tokenService" ref="secureTokenService" />
    <property name="rememberMeCookieGenerator" ref="defaultRememberMeCookieGenerator" />
</bean>

<bean id="rememberMeFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
    <property name="rememberMeServices" ref="gymRememberMeService"/>
    <property name="authenticationManager" ref="authenticationManager" />
</bean>

共有1个答案

西门靖琪
2023-03-14

你试着看一下这里(Spring Docs)吗?他们说:

“不要忘记将RememberMeServices实现添加到UsernamePasswordAuthenticationFilter.setRememberMeservices()属性中,将RememberMeAuthenticationProvider包含在AuthenticationManager.setProviders()列表中,并将RememberMeAuthenticationFilter添加到FilterChainProxy中(通常紧随UsernamePasswordAuthenticationFilter之后)。”

在你的情况下,RememberMeServices是gymembermeservice;您有RememeAuthenticationProvider吗?

 类似资料:
  • 我正在尝试设置一个SpringCloudConfig服务器,该服务器使用ssh私钥的自定义位置。我需要为密钥指定自定义位置的原因是,运行应用程序的用户没有主目录。。所以我没有办法使用默认的我的密钥的目录。我知道可以选择创建一个只读帐户,并在配置中提供用户/密码,但ssh方式更干净 有什么方法可以设置这个吗?

  • 在像这样的典型Spring Boot应用程序中,我们如何配置它来使用“自定义”日志配置? 例如,在我的应用程序运行的当前环境中,日志正在导致错误,我如何使用其他日志例如:

  • 问题内容: 我正在使用Spring Security 3.2和Spring 4.0.1 我正在将xml配置转换为Java配置。当我在“过滤器”中添加注释时@Autowired,出现异常 我已经尝试了注入,但是由于类似的异常也失败了。 这是我正在使用的XML配置 这是我正在尝试的Java Config 这是“自定义过滤器”类。给我麻烦的那一行是AuthenticationManager的设置器 问题

  • 我正在使用Spring Security 3.2和Spring 4.0.1 下面是我正在尝试的Java配置 这是自定义筛选器类。给我带来麻烦的是AuthenticationManager的setter

  • MOSN 自定义配置说明。 本文是对 MOSN 自定义配置的说明。 Duration String 字符串,由一个十进制数字和一个时间单位后缀组成,有效的时间单位为 ns、us(或?s)、ms、s、m、h,例如 1h、3s、500ms。 metadata metadata 用于 MOSN 路由和 Cluster Host 之间的匹配。 { "filter_metadata":{ "mo

  • 如果你想自定义 Next.js 的高级配置,可以在根目录下新建next.config.js文件(与pages/ 和 package.json一起) 注意:next.config.js是一个 Node.js 模块,不是一个 JSON 文件,可以用于 Next 启动服务已经构建阶段,但是不作用于浏览器端。 // next.config.js module.exports = { /* config