使用 Spring Social 通过 http 或 https 请求进行 Facebook 登录时,如何让 remember-me(“记住我”)cookie 和会话在 http 下也能访问?目前,如果用户通过 https 登录,http 页面就读取不到 cookie(显示为没有用户登录)。我已经设置了 use-secure-cookie="false",但没有效果。
<!-- Remember-me handling is delegated to the rememberMeServices bean defined below.
     use-secure-cookie="false" asks for the remember-me cookie to be issued without the Secure flag,
     so the browser will also attach it to plain http requests. -->
<s:remember-me key="mykey" services-ref="rememberMeServices" use-secure-cookie="false"/>
<!-- Persistent-token remember-me: the cookie carries a series/token pair that is looked up in
     persistentTokenRepository and resolved to a user through userService. -->
<bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
<property name="userDetailsService" ref="userService" />
<property name="tokenRepository" ref="persistentTokenRepository" />
<!-- NOTE(review): the same literal key appears here and on s:remember-me above; consider supplying it
     through a property placeholder instead of keeping it in the configuration file. -->
<property name="key" value="mykey" />
<!-- Name of the remember-me cookie sent to the browser. -->
<property name="cookieName" value="rmb" />
<!-- Secure flag disabled: the "rmb" cookie is a login-equivalent credential and, with this setting,
     it travels in cleartext on every http request to the site. Serving all authenticated pages over
     https and leaving the cookie Secure avoids exposing it on the network. -->
<property name="useSecureCookie" value="false" />
<!-- 946708560 seconds is roughly 30 years, so an issued token effectively never expires on its own.
     A shorter lifetime limits how long a leaked cookie stays usable. -->
<property name="tokenValiditySeconds" value="946708560" />
<!-- alwaysRemember=true issues the remember-me cookie on every successful login, whether or not the
     user asked to be remembered. -->
<property name="alwaysRemember" value="true"></property>
</bean>
我的社交配置:
/**
 * Spring Social wiring for Facebook sign-in.
 *
 * <p>Declares the connection factory registry, the JDBC-backed connection repositories, the
 * connect and provider sign-in controllers, and the sign-in / sign-up adapters they use.
 */
@Configuration
public class SocialConfig {

    // Injected but not referenced anywhere in this class.
    @Inject
    private Environment environment;

    // Data source handed to the JDBC users-connection repository.
    @Inject
    private DataSource dataSource;

    // Encryptor handed to the JDBC users-connection repository.
    // NOTE(review): presumably resolves to the textEncryptor() bean declared below; confirm.
    @Inject
    private TextEncryptor textEncryptor;

    // Base URL of the application, passed to the ConnectController.
    @Value("${app.url}")
    private String applicationUrl;

    // Facebook OAuth client id, resolved from a property placeholder.
    @Value("${facebook.clientId}")
    private String facebookClientId;

    // Facebook OAuth client secret, resolved from a property placeholder rather than hard-coded.
    @Value("${facebook.clientSecret}")
    private String facebookClientSecret;

    /**
     * Builds the registry of provider connection factories; only Facebook is registered.
     *
     * @return a registry containing the Facebook connection factory
     */
    @Bean
    public ConnectionFactoryLocator connectionFactoryLocator() {
        ConnectionFactoryRegistry locator = new ConnectionFactoryRegistry();
        FacebookConnectionFactory facebook =
                new FacebookConnectionFactory(facebookClientId, facebookClientSecret);
        locator.addConnectionFactory(facebook);
        return locator;
    }

    /**
     * Request-scoped connection repository for the user found in the current security context.
     *
     * <p>Only a missing {@code Authentication} is rejected here.
     * NOTE(review): if the security configuration installs an anonymous authentication, it would
     * pass this check and its name would be used as the user id; confirm against the filter chain.
     *
     * @return the connection repository keyed by {@code Authentication.getName()}
     * @throws IllegalStateException if the security context holds no authentication
     */
    @Bean
    @Scope(value = "request", proxyMode = ScopedProxyMode.INTERFACES)
    public ConnectionRepository connectionRepository() {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (current != null) {
            return usersConnectionRepository().createConnectionRepository(current.getName());
        }
        throw new IllegalStateException("Unable to get a ConnectionRepository: no user signed in");
    }

    /**
     * JDBC-backed store of provider connections for all users.
     *
     * <p>A {@code ConnectionSignUp} is registered on the repository; what
     * {@code ConnectionSignUpImpl} does when it is invoked is not visible in this class.
     *
     * @return the configured users-connection repository
     */
    @Bean
    public UsersConnectionRepository usersConnectionRepository() {
        JdbcUsersConnectionRepository jdbcRepository =
                new JdbcUsersConnectionRepository(dataSource, connectionFactoryLocator(), textEncryptor);
        jdbcRepository.setConnectionSignUp(connectionSignUp());
        return jdbcRepository;
    }

    /**
     * Text encryptor bean.
     *
     * <p>SECURITY: {@code Encryptors.noOpText()} performs no encryption, so whatever the JDBC
     * connection repository passes through this encryptor (provider access tokens and secrets)
     * is written to the database as plaintext. That is acceptable for local development only;
     * for any shared or production database, switch to a real encryptor such as
     * {@code Encryptors.text(password, salt)} with the password and salt supplied from
     * externalized secrets, and plan a migration for rows already stored in clear.
     *
     * @return an encryptor that returns its input unchanged
     */
    @Bean
    public TextEncryptor textEncryptor() {
        TextEncryptor passThrough = Encryptors.noOpText();
        return passThrough;
    }

    /**
     * Controller that manages provider connections for the signed-in user.
     *
     * @return a connect controller bound to the configured application URL
     */
    @Bean
    public ConnectController connectController() {
        ConnectController connect =
                new ConnectController(connectionFactoryLocator(), connectionRepository());
        connect.setApplicationUrl(applicationUrl);
        return connect;
    }

    /**
     * Controller that handles sign-in through the provider.
     *
     * <p>NOTE(review): the post-sign-in URL is {@code "socialSignIn"} without a leading slash,
     * unlike the sign-up and sign-in URLs; confirm the relative form is intended.
     * NOTE(review): {@code RedirectAfterConnectInterceptor} is not shown here; if it derives a
     * redirect target from request data, verify that it only redirects within the application.
     *
     * @param requestCache not used by this method
     * @return the configured provider sign-in controller
     */
    @Bean
    public ProviderSignInController providerSignInController(RequestCache requestCache) {
        ProviderSignInController signIn = new ProviderSignInController(
                connectionFactoryLocator(), usersConnectionRepository(), signInAdapter());
        signIn.setSignUpUrl("/register");
        signIn.setSignInUrl("/socialSignIn");
        signIn.setPostSignInUrl("socialSignIn");
        signIn.addSignInInterceptor(new RedirectAfterConnectInterceptor());
        return signIn;
    }

    /**
     * Adapter invoked to sign the local user in after a provider sign-in.
     *
     * @return a new {@code SignInAdapterImpl}
     */
    @Bean
    public SignInAdapter signInAdapter() {
        SignInAdapter adapter = new SignInAdapterImpl();
        return adapter;
    }

    /**
     * Sign-up hook registered on the users-connection repository.
     *
     * @return a new {@code ConnectionSignUpImpl}
     */
    @Bean
    public ConnectionSignUp connectionSignUp() {
        ConnectionSignUp signUp = new ConnectionSignUpImpl();
        return signUp;
    }
}