CODEWITHSUNDEEP
spring-security
Mayur Tanna
Mayur Tanna

Reputation: 21

Spring security 3.0 remember me functionality

I have been trying to implement spring security 3.0 remember me service in my application but unfortunately couldn't get it working.

I didn't find any specific example related to this, not even in spring documentation. It would be nice if somebody can give a working example code. Please find code of my spring-security.xml file.

    <?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
      http://www.springframework.org/schema/security
      http://www.springframework.org/schema/security/spring-security-3.0.xsd">


<security:http entry-point-ref="myAuthenticationEntryPoint">

    <security:session-management
        session-fixation-protection="newSession" />
    <security:custom-filter position="FORM_LOGIN_FILTER"
        ref="processingFilter" />
    <security:logout logout-url="/logout"
        logout-success-url="/login" />
    <security:intercept-url pattern='/index.jsp'
        filters='none' />
    <security:intercept-url pattern='/login*'
        filters='none' />
    <security:remember-me key="springrocks" />

    <security:intercept-url pattern='/admin/**'
        access="ROLE_ADMIN" />

</security:http>

<security:authentication-manager>
    <security:authentication-provider
        ref="myAuthenticationProvider"></security:authentication-provider>
</security:authentication-manager>
<bean id="myAuthenticationProvider"
    class="example.AuthenticationProviderExtended">

</bean>

<bean id="authenticationManager" class="example.AuthenticationManagerExtended" />

<bean id="processingFilter" class="example.FormBasedProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="usernameParameter" value="username" />
    <property name="passwordParameter" value="password" />
    <property name="allowSessionCreation" value="true" />
    <property name="authenticationFailureHandler" ref="simpleUrlAuthenticationFailureHandler" />
    <property name="authenticationSuccessHandler" ref="simpleUrlAuthenticationSuccessHandler" />
    <property name="filterProcessesUrl" value="/performLogin" />
</bean>


<bean id="simpleUrlAuthenticationFailureHandler" class="example.AuthenticationFailureHandler">
    <property name="defaultFailureUrl" value="/login"></property>
</bean>

<bean id="simpleUrlAuthenticationSuccessHandler"
    class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
    <property name="defaultTargetUrl" value="/home" />
</bean>


<bean id="myAuthenticationEntryPoint"
    class="example.CustomAuthenticationEntryPoint">
    <property name="loginFormUrl" value="/login" />
</bean>

<bean id="rememberMeFilter"
    class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
    <property name="rememberMeServices" ref="rememberMeServices" />
    <property name="authenticationManager" ref="authenticationManager" />
</bean>

<bean id="rememberMeServices"
    class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
    <property name="userDetailsService" ref="myUserDetailsService" />
    <property name="key" value="springRocks" />
</bean>

<bean id="rememberMeAuthenticationProvider"
    class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
    <property name="key" value="springRocks" />
</bean>

<bean id="myUserDetailsService" class="example.MyCustomeUserDetailsService">

</bean>

</beans>

Upvotes: 1

Views: 3355

Answers (2)

gerrytan
gerrytan

Reputation: 41123

You need to make sure your form contains a checkbox (or other types of input with) the remember me attribute name

<input type="checkbox" name="_spring_security_remember_me"/>

This attribute is configurable via remember-me-parameter on xml, eg:

<remember-me remember-me-parameter="please_remember"/>

Upvotes: 0

Michael
Michael

Reputation: 10319

Please look the Spring Security documentation here: http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#remember-me-hash-token

Upvotes: 1

Related Questions