Spring Security 使用 PersistentTokenBasedRememberMeServices 记住我

问题描述

我只为 PersistentTokenBasedRememberMeServices 类创建了 bean

    public RememberMeAuthenticationFilter rememberMeFilter() throws Exception
    {
        RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(authenticationManager(),rememberMeServices());
        return filter;
    }

    @Bean
    public SecurityRememberMeServices rememberMeServices()
    {
        SecurityRememberMeServices secRemmeSvc = new SecurityRememberMeServices(Constants.REMEMBER_ME_KEY,userDetailsService(),tokenRepository(),rootConfig.userDetailDBQueryExecutor());
        secRemmeSvc.setParameter(Constants.REMEMBER_ME_ParaMETER);
        secRemmeSvc.setTokenValiditySeconds(Constants.TOKEN_VALIDITY_SECONDS);
        logger.debug("### $$$ Token Validity: " + Constants.TOKEN_VALIDITY_SECONDS);
        return secRemmeSvc;
    }

    @Bean
    public PersistentTokenRepository tokenRepository()
    {
        JdbcTokenRepositoryImpl jdbcTokenRepo = new JdbcTokenRepositoryImpl();
        jdbcTokenRepo.setDataSource(rootConfig.dataSource());
        return jdbcTokenRepo;
    }

    @Bean
    public UserDetailsService userDetailsService()
    {
        SecurityUserDetailsService userDetailsService = new SecurityUserDetailsService();
        userDetailsService.setUserDao(rootConfig.userDao());
        return userDetailsService;
    }



SecurityRememberMeServices :

public class SecurityRememberMeServices extends 
PersistentTokenBasedRememberMeServices
{
  public SecurityRememberMeServices(String key,UserDetailsService userDetailsService,PersistentTokenRepository tokenRepository,UserDetailDBQueryExecutor userDetailDBQueryExecutor)
    {
        super(key,userDetailsService,tokenRepository);
    }

    @Override
    protected boolean rememberMeRequested(HttpServletRequest request,String parameter)
    {
        logger.debug("### Remember Requests: " + parameter);
        return super.rememberMeRequested(request,parameter);
    }

    @Override
    protected void onLoginSuccess(HttpServletRequest request,HttpServletResponse response,Authentication successfulAuthentication)
    {

      logger.debug("### Remember Me Login Success: " + (UserPrincipal) 
      successfulAuthentication.getPrincipal());
      super.onLoginSuccess(request,response,successfulAuthentication);
    }

    @Override
    protected UserDetails processAutoLoginCookie(String[] cookietokens,HttpServletRequest request,HttpServletResponse response)
    {
      String userName = token.getUsername();
      logger.debug("username"+userName );

     return super.processAutoLoginCookie(cookietokens,request,response);
    }

   @Override
    public void logout(HttpServletRequest request,Authentication authentication)
    {

        String username = authentication.getName();
        logger.debug("### To remove persistent login for user " + username);
        super.logout(request,authentication);
    }


}

在登录过程中，它可以通过调用正常工作

PersistentTokenBasedRememberMeServices.onLoginSuccess(...) 被调用并生成一个令牌并存储在数据库中

在调用 logout 时，它应该调用 PersistentTokenBasedRememberMeServices.logout(..) 方法来删除之前在数据库中创建的所有令牌，但它实际上在该方法上调用 TokenBasedRememberMeServices.logout(..) 仅会话无效并且令牌是无效而不是删除该用户名的令牌

任何人都可以帮助解决这个问题

解决方法

暂无找到可以解决该程序问题的有效方法，小编努力寻找整理中！

如果你已经找到好的解决方法，欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@）

configuration configuration configuration remember-me spring spring spring-mvc spring-security