Spring Security Remember-me with Ajax login -

-

i have implemented spring security ajax login. .

i defined own customauthenticationentrypoint, authenticationfilter, securityloginsuccesshandler. can authenticate user. however, when add remember me part. not work. there no sql run in database insert token persistent_logins. not know if there wrong configuration? please help.

<beans:beans xmlns="http://www.springframework.org/schema/security"     xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"     xmlns:p="http://www.springframework.org/schema/p" xmlns:util="http://www.springframework.org/schema/util"     xsi:schemalocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.2.xsd">      <http pattern="/resources/**" security="none" />     <http auto-config="false" use-expressions="true" entry-point-ref="customauthenticationentrypoint">          <intercept-url pattern="/**" access="permitall" />          <access-denied-handler error-page="/denied" />          <logout invalidate-session="true" delete-cookies="jsessionid"             success-handler-ref="securitylogoutsuccesshandler" logout-url="/logout" />          <custom-filter ref="authenticationfilter" position="form_login_filter" />         <csrf />          <!-- enable remember me -->     <remember-me          services-ref = "remembermeservices"         key = "_spring_security_remember_me" />     </http>       <beans:bean id="remembermeservices"                 class="org.springframework.security.web.authentication.rememberme.persistenttokenbasedremembermeservices">         <beans:property name="key" value="_spring_security_remember_me"/>         <beans:property name="alwaysremember" value="true"/>         <beans:property name="tokenrepository" ref="jdbctokenrepository"/>         <beans:property name="userdetailsservice" ref="userdetailsservice"/>     </beans:bean>       <beans:bean id="jdbctokenrepository"                 class="org.springframework.security.web.authentication.rememberme.jdbctokenrepositoryimpl">         <beans:property name="createtableonstartup" value="false"/>         <beans:property name="datasource" ref="datasource"/>     </beans:bean>      <beans:bean id="customauthenticationentrypoint"         class="com.tong.beau.service.security.customauthenticationentrypoint">         <beans:property name="loginpageurl" value="/login" />         <beans:property name="returnparameterenabled" value="true" />         <beans:property name="returnparametername" value="r" />     </beans:bean>      <beans:bean id="authenticationfilter"         class="org.springframework.security.web.authentication.usernamepasswordauthenticationfilter">         <beans:property name="authenticationmanager" ref="authenticationmanager" />         <beans:property name="filterprocessesurl" value="/security_check" /><!--              change here if customize form action -->         <!-- handler login ajax post -->         <beans:property name="authenticationfailurehandler"             ref="securityloginfailurehandler" />         <beans:property name="authenticationsuccesshandler"             ref="securityloginsuccesshandler" />         <beans:property name="passwordparameter" value="password" /><!--              change here password field name in form -->         <beans:property name="usernameparameter" value="username" /><!--              change here username field name in form -->     </beans:bean>      <beans:bean id="securityloginsuccesshandler"         class="com.tong.beau.service.security.securityloginsuccesshandler">         <beans:property name="defaulttargeturl" value="/" />         <beans:property name="targeturlparameter" value="return-url"/>     </beans:bean>      <beans:bean id="securityloginfailurehandler"         class="com.tong.beau.service.security.securityloginfailurehandler">         <beans:property name="defaultfailureurl" value="/login/failure" />     </beans:bean>      <beans:bean id="securitylogoutsuccesshandler"         class="com.tong.beau.service.security.securitylogoutsuccesshandler">         </beans:bean>      <beans:bean id="encoder"         class="org.springframework.security.crypto.bcrypt.bcryptpasswordencoder" />      <authentication-manager alias="authenticationmanager">         <authentication-provider user-service-ref="userdetailsservice">             <password-encoder ref="encoder" />         </authentication-provider>     </authentication-manager> </beans:beans>

since implemented customauthenticationentrypoint, need handle remember me service in entry point?

after looking @ source code of spring security 4.0.3, found out default parameter defined this: 

public static final string default_parameter = "remember-me";

so did edit front end send data name "remember-me".

before spring security 4.0.3, default parameter _spring_security_remember_me

that worth of mention. configuration has problems.

my working configuration following.

<beans:beans xmlns="http://www.springframework.org/schema/security"     xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"     xmlns:p="http://www.springframework.org/schema/p" xmlns:util="http://www.springframework.org/schema/util"     xsi:schemalocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">      <http pattern="/resources/**" security="none" />     <http auto-config="false" use-expressions="true" entry-point-ref="customauthenticationentrypoint">          <intercept-url pattern="/**" access="permitall" />          <access-denied-handler error-page="/denied" />          <logout invalidate-session="true" delete-cookies="jsessionid"             success-handler-ref="securitylogoutsuccesshandler" logout-url="/logout" />          <custom-filter ref="authenticationfilter" position="form_login_filter" />         <custom-filter ref="remembermefilter" after="form_login_filter" />         <csrf />         <remember-me key = "remember-me" services-ref="remembermeservices"/>     </http>      <beans:bean id="remembermefilter" class="org.springframework.security.web.authentication.rememberme.remembermeauthenticationfilter">           <beans:constructor-arg ref="authenticationmanager"/>           <beans:constructor-arg ref="remembermeservices"/>     </beans:bean>      <beans:bean id="remembermeservices"                 class="org.springframework.security.web.authentication.rememberme.persistenttokenbasedremembermeservices">           <beans:constructor-arg value="remember-me"/>           <beans:constructor-arg ref="userdetailsservice"/>           <beans:constructor-arg ref="jdbctokenrepository"/>     </beans:bean>      <beans:bean id="remembermeauthenticationprovider" class="org.springframework.security.authentication.remembermeauthenticationprovider">         <beans:constructor-arg value="remember-me"/>     </beans:bean>      <beans:bean id="jdbctokenrepository"                 class="org.springframework.security.web.authentication.rememberme.jdbctokenrepositoryimpl">         <beans:property name="createtableonstartup" value="false"/>         <beans:property name="datasource" ref="datasource"/>     </beans:bean>      <beans:bean id="customauthenticationentrypoint"         class="com.tong.beau.service.security.customauthenticationentrypoint">         <beans:property name="loginpageurl" value="/login" />         <beans:property name="returnparameterenabled" value="true" />         <beans:property name="returnparametername" value="r" />     </beans:bean>      <beans:bean id="authenticationfilter"         class="org.springframework.security.web.authentication.usernamepasswordauthenticationfilter">          <beans:property name="authenticationmanager" ref="authenticationmanager" />         <beans:property name="remembermeservices" ref="remembermeservices" />         <beans:property name="filterprocessesurl" value="/security_check" />          <!-- change here if customize form action -->         <!-- handler login ajax post -->          <beans:property name="authenticationfailurehandler"             ref="securityloginfailurehandler" />         <beans:property name="authenticationsuccesshandler"             ref="securityloginsuccesshandler" />         <beans:property name="passwordparameter" value="password" />         <!-- change here password field name in form -->         <beans:property name="usernameparameter" value="username" />         <!-- change here username field name in form -->     </beans:bean>      <beans:bean id="securityloginsuccesshandler"         class="com.tong.beau.service.security.securityloginsuccesshandler">         <beans:property name="defaulttargeturl" value="/" />         <beans:property name="targeturlparameter" value="return-url"/>     </beans:bean>      <beans:bean id="securityloginfailurehandler"         class="com.tong.beau.service.security.securityloginfailurehandler">         <beans:property name="defaultfailureurl" value="/login/failure" />     </beans:bean>      <beans:bean id="securitylogoutsuccesshandler"         class="com.tong.beau.service.security.securitylogoutsuccesshandler">         </beans:bean>      <beans:bean id="encoder"         class="org.springframework.security.crypto.bcrypt.bcryptpasswordencoder" />      <authentication-manager alias="authenticationmanager">         <authentication-provider ref="remembermeauthenticationprovider">          </authentication-provider>          <authentication-provider user-service-ref="userdetailsservice">             <password-encoder ref="encoder" />         </authentication-provider>     </authentication-manager> </beans:beans>

Comments

Post a Comment

Popular posts from this blog

ios - Memory not freeing up after popping viewcontroller using ARC -

-
hi project arc based, using uinavigationcontroller make transition between viewcontroller. using profiler analyse happening behind scene memory. noticed when push viewcontroller allocate memory components , when pop not freeing allocated memory. since using arc unable implement dealloc or release component. have analysed in detail , there no memory leak in project. i not using strong property push viewcontroller. here how pushing viewcontroller. viewcontroller *obj = [[viewcontroller alloc] init]; [self.navigationcontroller pushviewcontroller:obj animated:no]; any clue whats going on? should free memory have consumed. please advise your description indicates have retain cycle, leads objects not being deallocated. typical source of retain cycles properties assigned loading nib files (usually declared iboutlet ). two strategies break them , release objects: declare property weak : @property (nonatomic, weak) iboutlet uilabel *statuslabel; set property nil in...
Read more

Django REST Framework perform_create: You cannot call `.save()` after accessing `serializer.data` -

-
i have following viewset: class artistprofileviewset(viewsets.modelviewset): queryset = artistprofile.objects.all() serializer_class = artistprofileserializer def perform_create(self, serializer): if serializer.is_valid(): serializer.save() with following serializers: class simpleartisttrackserializer(serializers.hyperlinkedmodelserializer): class meta: model = artisttrack fields = (...my fields...) class artistprofileserializer(serializers.hyperlinkedmodelserializer): owners = userserializer(many=true, required=false) tracks = simpleartisttrackserializer(many=true, required=false) class meta: model = artistprofile fields = (...my fields...) i getting following error: assertionerror: cannot call `.save()` after accessing `serializer.data`.if need access data before committing database inspect 'serializer.validated_data' instead. i don't see editing serializer.data object. th...
Read more

Why does Go error when trying to marshal this JSON? -

-
i'm trying rather simple example of trying decode json file structs using golang. however, when attempting error that json: cannot unmarshal object go value of type []main.track which don't understand. here's code in question, , json can found here . package main import ( "encoding/json" "fmt" "net/http" "os" ) // tracks group of track types type tracks struct { tracks []track } // track represents singular track type track struct { name string url string artist artist } // artist represents single artist type artist struct { name string mbid string url string } func main() { url := "http://ws.audioscrobbler.com/2.0/?method=geo.gettoptracks&api_key=c1572082105bd40d247836b5c1819623&format=json&country=netherlands" response, err := http.get(url) if err != nil { fmt.printf("%s\n", err) os.exit(1) } de...
Read more