我的 Spring Security XML 如下:
<http use-expressions="true">
<intercept-url pattern="/login" access="isAnonymous()" requires-channel="https"/>
<intercept-url pattern="/login/" access="isAnonymous()" requires-channel="https" />
<intercept-url pattern="/logout-success" access="isAnonymous()" />
<intercept-url pattern="/logout-success/" access="isAnonymous()" />
<intercept-url pattern="/logout" access="isAuthenticated()" />
<intercept-url pattern="/**" access="hasRole('ROLE_SUPER_ADMIN')" />
<form-login login-page="/login/" default-target-url="/example/Login_execute"/>
<logout logout-url="/logout" logout-success-url="/logout-success" />
<remember-me services-ref="rememberMeServices"/>
<port-mappings>
<port-mapping http="8080" https="8443"/>
</port-mappings>
</http>
...
<beans:bean id="userDetailsService" class="com.myownpackage.UserAccountServiceImpl"/>
<beans:bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
<beans:property name="userDetailsService" ref="userDetailsService" />
<beans:property name="tokenRepository" ref="persistentTokenRepository" />
<beans:property name="key" value="myownkey" />
</beans:bean>
<beans:bean id="persistentTokenRepository" class="com.myownpackage.PersistentTokenRepositoryImpl" />
每当我登录并勾选记住我时,我的程序都会保存一些东西来记住我的数据库表(这是正确的)。
如果我关闭浏览器,重新打开浏览器并打开需要身份验证的页面,我的程序将在 PersistentTokenBasedRememberMeServices 执行 processAutoLoginCookie 并返回正确的 UserDetails(这也是正确的)
但是,即便如此,我仍然被重定向到登录页面。
顺便说一句,登录页面是自定义的,我所做的只是显示带有登录表单的 JSP 文件。
在编写 Spring Security XML 时,我是否遗漏了任何步骤?