我最近遇到了一个问题,每次从 iOS 的主屏幕启动 Web 应用程序或将其置于前台时,我都会重新进行身份验证(我最初是从 Safari 将其添加到主屏幕)。当我直接在 Safari 中时,不会发生这种情况。
我的研究表明,这可以在 php 中通过创建/重新启动会话然后添加会话 cookie 来克服,如下所示:
// Start or resume session
session_start();
// Extend cookie life time by an amount of your liking
$cookieLifetime = 365 * 24 * 60 * 60; // A year in seconds
setcookie(session_name(),session_id(),time()+$cookieLifetime);
而不是以编程方式执行此操作,我想知道是否有办法通过 XML 配置执行此操作。否则,我怎么能用 Spring Security 完成类似的事情呢?
这是我的security-ctx.xml:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<bean id="http403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint">
</bean>
<sec:http auto-config="false" entry-point-ref="http403EntryPoint">
<sec:custom-filter position="PRE_AUTH_FILTER" ref="siteminderFilter" />
</sec:http>
<bean id="siteminderFilter" class=
"org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
<property name="principalRequestHeader" value="x-paas-uid"/>
<property name="authenticationManager" ref="authenticationManager"/>
</bean>
<bean id="preauthAuthProvider"
class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
<property name="preAuthenticatedUserDetailsService">
<bean id="userDetailsServiceWrapper"
class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<property name="userDetailsService" ref="ldapUserDetailsService"/>
</bean>
</property>
</bean>
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider ref="preauthAuthProvider"/>
</sec:authentication-manager>
<!-- Example using LDAP, but will ultimately use database service -->
<sec:ldap-server id="ldapServer" port="636" root="o=home"
url="ldaps://ldap.home.com"/>
<sec:ldap-user-service id="ldapUserDetailsService" server-ref="ldapServer"
group-search-base="ou=groups,o=home"
role-prefix="ROLE_" group-role-attribute="cn"
user-search-base="ou=people,o=home" user-search-filter="uid={0}"/>
</beans>