1

我在我的应用程序中使用弹簧安全。现在我试图让记住我的功能正常工作。这是我的spring-security.xml:

<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:context="http://www.springframework.org/schema/context"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
             http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
             http://www.springframework.org/schema/context
                           http://www.springframework.org/schema/context/spring-context-3.1.xsd
                        http://www.springframework.org/schema/security
                        http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <context:component-scan base-package="core"/>

    <http auto-config="false" use-expressions="true">
        <intercept-url pattern="/views/**" access="permitAll"/>
        <form-login authentication-failure-handler-ref="loginFailure"
                    authentication-success-handler-ref="loginSuccess"/>
        <remember-me key="key"/>
        <logout
                invalidate-session="true"
                delete-cookies="true"/>

    </http>


    <authentication-manager>
        <authentication-provider>
            <password-encoder hash="md5"/>
            <jdbc-user-service data-source-ref="ds"
                               users-by-username-query="SELECT email, password, enabled FROM tuser WHERE email=?"
                               authorities-by-username-query="SELECT tuser, role_id FROM user_role WHERE tuser=?"/>
        </authentication-provider>
    </authentication-manager>

    <global-method-security pre-post-annotations="enabled" secured-annotations="enabled" />

</beans:beans>

这是我的应用程序代码。jsp:

<form:form method="POST">

        <table>
            <tr>
                <td>User:</td>
                <td>
                    <input type="text" id="j_username"/>
                </td>
            </tr>
            <tr>
                <td>Password:</td>
                <td>
                    <input type="password" id="j_password"/>
                </td>
            </tr>
            <tr>
                <td>
                    <input type="checkbox" id="_spring_security_remember_me"/>
                </td>
                <td>
                    <s:message code="RememberMe"/>
                </td>
            </tr>
            <tr>
                <td colspan='2'>
                    <input id="loginBtn" name="submit" type="button" onclick="ajaxLogin()" value="Войти"/>
                </td>
            </tr>
        </table>

    </form:form>

和使ajax登录的javascript:

function ajaxLogin() {
    $("#errorText").css('display', 'none');
    $('#loginBtn').attr('disabled', 'true');

    var user_name = $("#j_username").val();
    var user_pass = $("#j_password").val();
    var rememberMe = $("#_spring_security_remember_me").prop("checked");

    $.ajax({
        url:"../../j_spring_security_check",
        data:{ j_username:user_name, j_password:user_pass, _spring_security_remember_me:rememberMe},
        type:"POST",
        beforeSend:function (xhr) {

            xhr.setRequestHeader("login-ajax", "true");
        },
        success:function (result) {

            if (result == "ok") {
                window.location.reload()
            } else {
                $("#errorText").css('display', 'block');
            }

        },
        error:function (XMLHttpRequest, textStatus, errorThrown) {
            return false;
        }
    })
    ;
}

问题是即使我没有在登录表单中选中“记住我”选项,spring 也会记住用户。如果我从配置文件中删除,它不记得了。这个参数的存在是否让spring表现得像这样?如何控制记住我的功能?提前致谢!

4

1 回答 1

1

标签注销中的属性 delete-cookies="true"

<logout delete-cookies="true"/>

不是布尔类型它是逗号分隔的 cookie 文件名列表

在标签中记住我

<remember-me/>

存在属性 token-validity-seconds 确定您的令牌有效的秒数

例如

<remember-me key="key" token-validity-seconds="2419200" />

一个月的意思

也许当您第一次登录并在此注销后您的令牌不会被删除并且仍然存在,但是当您删除标签时

<remember-me/>

它不起作用,一切都是正确的

于 2012-10-21T12:08:10.223 回答