Reputation: 263
Spring-boot security remember-me token not working
For some reason I cannot get Spring-Security to work with remember-me. It never creates the cookie on the client side.
Here is my login form
<input type="checkbox" name="_spring_security_remember_me"/> Remember me
also tried
<input type="checkbox" name="remember-me"/> Remember me
Here is my SecuritySettings
http.authorizeRequests()
......
.anyRequest().fullyAuthenticated()
.and()
.formLogin().loginPage("/login").failureUrl("/login?error").permitAll()
.and()
.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/login")
.and()
.rememberMe()
.tokenValiditySeconds(31536000);
I tried both my own custom form, and the built in Spring login form.. none work for remember me.
The way I tested is, login, copy secured url, close browser, open browser and paste url.
Upvotes: 3
Views: 3747
Answers (1)
Reputation: 7646
This is as simple as changing fullyAuthenticated() to authenticated().
As in javadocs for fullyAuthenticated() it is said :
Specify that URLs are allowed by users who have authenticated and were not "remembered".
Upvotes: 5
Related Questions
- Spring security token persistence storage not working
- Spring-security: remember me token working only one time
- Remember-me doesn't work
- Can't get Spring security "remember me" feature to work
- Spring Security - Remember Me Authentication Error
- Issue with Spring Security remember me token not being set on SecurityContextHolder
- Spring Security Remember Me not working
- Springs Simple <remember-me/> not working :-(
- Spring security Remember me is not working in spring MVC application.
- Spring security: remember-me doesn't work with custom AuthenticationProvider