Spring Security Remember-me with Ajax login -

-

i have implemented spring security ajax login. .

i defined own customauthenticationentrypoint, authenticationfilter, securityloginsuccesshandler. can authenticate user. however, when add remember me part. not work. there no sql run in database insert token persistent_logins. not know if there wrong configuration? please help.

<beans:beans xmlns="http://www.springframework.org/schema/security"     xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"     xmlns:p="http://www.springframework.org/schema/p" xmlns:util="http://www.springframework.org/schema/util"     xsi:schemalocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.2.xsd">      <http pattern="/resources/**" security="none" />     <http auto-config="false" use-expressions="true" entry-point-ref="customauthenticationentrypoint">          <intercept-url pattern="/**" access="permitall" />          <access-denied-handler error-page="/denied" />          <logout invalidate-session="true" delete-cookies="jsessionid"             success-handler-ref="securitylogoutsuccesshandler" logout-url="/logout" />          <custom-filter ref="authenticationfilter" position="form_login_filter" />         <csrf />          <!-- enable remember me -->     <remember-me          services-ref = "remembermeservices"         key = "_spring_security_remember_me" />     </http>       <beans:bean id="remembermeservices"                 class="org.springframework.security.web.authentication.rememberme.persistenttokenbasedremembermeservices">         <beans:property name="key" value="_spring_security_remember_me"/>         <beans:property name="alwaysremember" value="true"/>         <beans:property name="tokenrepository" ref="jdbctokenrepository"/>         <beans:property name="userdetailsservice" ref="userdetailsservice"/>     </beans:bean>       <beans:bean id="jdbctokenrepository"                 class="org.springframework.security.web.authentication.rememberme.jdbctokenrepositoryimpl">         <beans:property name="createtableonstartup" value="false"/>         <beans:property name="datasource" ref="datasource"/>     </beans:bean>      <beans:bean id="customauthenticationentrypoint"         class="com.tong.beau.service.security.customauthenticationentrypoint">         <beans:property name="loginpageurl" value="/login" />         <beans:property name="returnparameterenabled" value="true" />         <beans:property name="returnparametername" value="r" />     </beans:bean>      <beans:bean id="authenticationfilter"         class="org.springframework.security.web.authentication.usernamepasswordauthenticationfilter">         <beans:property name="authenticationmanager" ref="authenticationmanager" />         <beans:property name="filterprocessesurl" value="/security_check" /><!--              change here if customize form action -->         <!-- handler login ajax post -->         <beans:property name="authenticationfailurehandler"             ref="securityloginfailurehandler" />         <beans:property name="authenticationsuccesshandler"             ref="securityloginsuccesshandler" />         <beans:property name="passwordparameter" value="password" /><!--              change here password field name in form -->         <beans:property name="usernameparameter" value="username" /><!--              change here username field name in form -->     </beans:bean>      <beans:bean id="securityloginsuccesshandler"         class="com.tong.beau.service.security.securityloginsuccesshandler">         <beans:property name="defaulttargeturl" value="/" />         <beans:property name="targeturlparameter" value="return-url"/>     </beans:bean>      <beans:bean id="securityloginfailurehandler"         class="com.tong.beau.service.security.securityloginfailurehandler">         <beans:property name="defaultfailureurl" value="/login/failure" />     </beans:bean>      <beans:bean id="securitylogoutsuccesshandler"         class="com.tong.beau.service.security.securitylogoutsuccesshandler">         </beans:bean>      <beans:bean id="encoder"         class="org.springframework.security.crypto.bcrypt.bcryptpasswordencoder" />      <authentication-manager alias="authenticationmanager">         <authentication-provider user-service-ref="userdetailsservice">             <password-encoder ref="encoder" />         </authentication-provider>     </authentication-manager> </beans:beans>

since implemented customauthenticationentrypoint, need handle remember me service in entry point?

after looking @ source code of spring security 4.0.3, found out default parameter defined this: 

public static final string default_parameter = "remember-me";

so did edit front end send data name "remember-me".

before spring security 4.0.3, default parameter _spring_security_remember_me

that worth of mention. configuration has problems.

my working configuration following.

<beans:beans xmlns="http://www.springframework.org/schema/security"     xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"     xmlns:p="http://www.springframework.org/schema/p" xmlns:util="http://www.springframework.org/schema/util"     xsi:schemalocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">      <http pattern="/resources/**" security="none" />     <http auto-config="false" use-expressions="true" entry-point-ref="customauthenticationentrypoint">          <intercept-url pattern="/**" access="permitall" />          <access-denied-handler error-page="/denied" />          <logout invalidate-session="true" delete-cookies="jsessionid"             success-handler-ref="securitylogoutsuccesshandler" logout-url="/logout" />          <custom-filter ref="authenticationfilter" position="form_login_filter" />         <custom-filter ref="remembermefilter" after="form_login_filter" />         <csrf />         <remember-me key = "remember-me" services-ref="remembermeservices"/>     </http>      <beans:bean id="remembermefilter" class="org.springframework.security.web.authentication.rememberme.remembermeauthenticationfilter">           <beans:constructor-arg ref="authenticationmanager"/>           <beans:constructor-arg ref="remembermeservices"/>     </beans:bean>      <beans:bean id="remembermeservices"                 class="org.springframework.security.web.authentication.rememberme.persistenttokenbasedremembermeservices">           <beans:constructor-arg value="remember-me"/>           <beans:constructor-arg ref="userdetailsservice"/>           <beans:constructor-arg ref="jdbctokenrepository"/>     </beans:bean>      <beans:bean id="remembermeauthenticationprovider" class="org.springframework.security.authentication.remembermeauthenticationprovider">         <beans:constructor-arg value="remember-me"/>     </beans:bean>      <beans:bean id="jdbctokenrepository"                 class="org.springframework.security.web.authentication.rememberme.jdbctokenrepositoryimpl">         <beans:property name="createtableonstartup" value="false"/>         <beans:property name="datasource" ref="datasource"/>     </beans:bean>      <beans:bean id="customauthenticationentrypoint"         class="com.tong.beau.service.security.customauthenticationentrypoint">         <beans:property name="loginpageurl" value="/login" />         <beans:property name="returnparameterenabled" value="true" />         <beans:property name="returnparametername" value="r" />     </beans:bean>      <beans:bean id="authenticationfilter"         class="org.springframework.security.web.authentication.usernamepasswordauthenticationfilter">          <beans:property name="authenticationmanager" ref="authenticationmanager" />         <beans:property name="remembermeservices" ref="remembermeservices" />         <beans:property name="filterprocessesurl" value="/security_check" />          <!-- change here if customize form action -->         <!-- handler login ajax post -->          <beans:property name="authenticationfailurehandler"             ref="securityloginfailurehandler" />         <beans:property name="authenticationsuccesshandler"             ref="securityloginsuccesshandler" />         <beans:property name="passwordparameter" value="password" />         <!-- change here password field name in form -->         <beans:property name="usernameparameter" value="username" />         <!-- change here username field name in form -->     </beans:bean>      <beans:bean id="securityloginsuccesshandler"         class="com.tong.beau.service.security.securityloginsuccesshandler">         <beans:property name="defaulttargeturl" value="/" />         <beans:property name="targeturlparameter" value="return-url"/>     </beans:bean>      <beans:bean id="securityloginfailurehandler"         class="com.tong.beau.service.security.securityloginfailurehandler">         <beans:property name="defaultfailureurl" value="/login/failure" />     </beans:bean>      <beans:bean id="securitylogoutsuccesshandler"         class="com.tong.beau.service.security.securitylogoutsuccesshandler">         </beans:bean>      <beans:bean id="encoder"         class="org.springframework.security.crypto.bcrypt.bcryptpasswordencoder" />      <authentication-manager alias="authenticationmanager">         <authentication-provider ref="remembermeauthenticationprovider">          </authentication-provider>          <authentication-provider user-service-ref="userdetailsservice">             <password-encoder ref="encoder" />         </authentication-provider>     </authentication-manager> </beans:beans>

Comments

Post a Comment

Popular posts from this blog

html - Styling progress bar with inline style -

-
i trying set progress bar color red using inline style. need in way because have access <body> part of document. style need apply: progress { color: red } progress::-moz-progress-bar { background: red;} progress::-webkit-progress-value { background: red; } progress[aria-valuenow]:before { background: red; } i tried <progress style="background: red;"> incorrect effect, progress bar color turns blue red background. guide right direction desired style? thank in advance. here live example: https://jsfiddle.net/z36d3f6l/
Read more

java - Oracle Sql developer error: could not install some modules -

-
i have downloaded fresh copy of sqldeveloper ( sqldeveloper-4.1.3.20.78-no-jre ) oracle website. when unzip , lauch gui, keep getting following error message: warning - not install modules: dynamic module config - no module providing capability org.netbeans.netbinox found. my system: windows 7 32 bit hp probook. jdk 1.6 , 1.7, 1.8 available in java/jdk subdirectory. netbeans 8.0.2 installed finally got way out after dirty hours. extracted sqldeveloper zip in nested directory. i.e: e://a/b/c/sqldeveloper. starting sqldeveloper gui above directory threw erros. solution: go in c:\users**username**\appdata\roaming : delete sql developer , sqldeveloper folders extract sql developer zip in new non nested directory. i.e: e:// start , should work now reference: https://community.oracle.com/thread/3870680?start=0&tstart=0
Read more

How to use autoclose brackets in Jupyter notebook? -

-
this may sound silly question, how make use of autoclose brackets in jupyter notebook? example, when type print( jupyter notebook auto-closes brakets print() and places cursor inside. type argument, say print(1 + 1) now cursor between second 1 , right bracket ) . key navigate right of ) ? of course can press end or → or ) achieve this, not seem save time, purpose of brackets autoclose suppose? thanks in advance.
Read more