Can't get Spring security "remember me" feature to work -

September 15, 2013

i'm new spring , java. trying set security remember me feature.

here security.xml , login.jsp files. doing wrong?

`security.xml`

<beans xmlns="http://www.springframework.org/schema/beans"        xmlns:security="http://www.springframework.org/schema/security"        xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"        xsi:schemalocation="http://www.springframework.org/schema/beans           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd           http://www.springframework.org/schema/security           http://www.springframework.org/schema/security/spring-security-4.0.xsd">      <security:authentication-manager>     <security:authentication-provider>         <security:jdbc-user-service data-source-ref="datasource"/>         <security:password-encoder ref="passwordencoder"/>     </security:authentication-provider> </security:authentication-manager>      <security:http use-expressions="true">         <security:intercept-url pattern="/" access="permitall"/>         <security:intercept-url pattern="/createplayer" access="isauthenticated()"/>         <security:intercept-url pattern="/players" access="hasrole('role_admin')"/>         <security:intercept-url pattern="/createaccount" access="permitall"/>         <security:intercept-url pattern="/login" access="permitall"/>         <security:intercept-url pattern="/logout" access="permitall"/>         <security:intercept-url pattern="/welcome" access="hasrole('role_admin')"/>         <security:intercept-url pattern="/**" access="denyall"/>          <security:form-login login-page="/login" authentication-failure-url="/login?error=true"/>          <security:remember-me key="myappkey" remember-me-parameter="remember-me"                               remember-me-cookie="remember-me"                               token-validity-seconds="604800"                               data-source-ref="datasource"/>     </security:http>      <bean id="passwordencoder" class="org.springframework.security.crypto.bcrypt.bcryptpasswordencoder">     </bean>  </beans>

`login.jsp`

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <html> <body>     <h1>login</h1>     <c:if test="${param.error != null}">     login failed. check if username or password correct!     </c:if>      <form action = "/login", method="post">     <input type="hidden" name="${_csrf.parametername}" value="${_csrf.token}"/>      name <br>     <input name="username"/> <br>     password<br>     <input type="password" name="password"/> <br>      remember me <br>     <input type="checkbox" name="remember-me">      <br><br>     <input type="submit"> <br><br>  </form>      <h2>${msg}</h2>     <br>     <a href = "http://localhost:9999/createaccount"> create account </a> <br> </body> </html>

p.s. tried adding

<session-config>   <session-timeout>1</session-timeout> </session-config>

to web.xml check if "remember me" works, instead "remembering me" logs out in 1 minute.

add id jdbc-user-service

<security:jdbc-user-service data-source-ref="datasource" id="jdbcuserservice/>

and refer service remember-me it's id this:

<security:remember-me key="myappkey"                       user-service-ref="jdbcuserservice"/>

Search This Blog

MOno

Can't get Spring security "remember me" feature to work -

`security.xml`

`login.jsp`

Comments

Post a Comment

Popular posts from this blog

How to understand 2 main() functions after using uftrace to profile the C++ program? -

c# - Update a combobox from a presenter (MVP) -

How to put a lock and transaction on table using spring 4 or above using jdbcTemplate and annotations like @Transactional? -