CODEWITHSUNDEEP
javaspringspring-securityspring-java-configremember-me
sndu
sndu

Reputation: 1033

Spring security: remember-me cookie is created in the browser but password is not saving

I am implementing a remember me in my web app using Java config which does not works. I have gone through all the similar questions and found no solution to my issue.

Here is the code: 

@Bean
    public PersistentTokenBasedRememberMeServices getPersistentTokenBasedRememberMeServices() {
        PersistentTokenBasedRememberMeServices tokenBasedservice = new PersistentTokenBasedRememberMeServices(
                "remember-me", userDetailsService, tokenRepository);
//        tokenBasedservice.setAlwaysRemember(true);
//        tokenBasedservice.setCookieName("remeber-me");
        return tokenBasedservice;
    }


@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.
                 .....
                    .and().formLogin()
                    .loginPage("/login")
                    .failureUrl("/login-error")
                    .loginProcessingUrl("/login")
                    .usernameParameter("username")
                    .passwordParameter("password")
                    .defaultSuccessUrl("/")
                    .and().logout()
                    .logoutUrl("/logout")
                    .logoutSuccessUrl("/").and()
                    .rememberMe().rememberMeParameter("remember-me").tokenRepository(tokenRepository)
                    .tokenValiditySeconds(86400).and().csrf().and().exceptionHandling().accessDeniedPage("/access_denied");
        }

This is the html created using thymeleaf

<div class="col-xs-12 col-sm-6 col-md-6">
    <h3>Login</h3>
    <div th:if="${loginError}"
         th:class="'alert alert-'+ *{loginError.type.name}+' alert-dismissible'">
        <button type="button" class="close" data-dismiss="alert" aria-hidden="true">×
        </button>
        <span><b th:text="*{loginError.description}"></b></span>
    </div>
    <form id="login-form" th:action="@{/login}" method="post">
        <div class="form-group">
            <label for="username" class="col-sm-4 control-label">Username</label>
            <div class="col-sm-6">
                <input type="text" class="form-control" id="username" placeholder=""
                       name="username"/>
            </div>
        </div>
        <!-- -->
        <div class="form-group">
            <label for="Password" class="col-sm-4 control-label">Password</label>
            <div class="col-sm-6">
                <input type="password" class="form-control" id="Password"
                       name="password"
                       placeholder=""/>
            </div>
        </div>
        <!-- -->
        <div class="form-group">
            <div class="col-sm-8 col-sm-offset-4 col-md-offset-4">
                <div class="pull-left m-r-20 checkbox icheck">
                    <div class="checkbox icheck">
                        <label>
                            <input type="checkbox" name="remember-me" id="remember-me"/> Remember Me
                        </label>
                    </div>
                </div>
.........

Can anyone figure out the issue?

UPDATE:

When inspecting the code using chrome, I can see remember-me cookie in the list of cookies. So the cookie exists but could not be retrieved at the right place. What causes these kind of scenarios? Is this problem in my code or server side?

screen capture 1

screen capture 2

Upvotes: 0

Views: 1273

Answers (1)

don
don

Reputation: 144

In the configuration file you have given

rememberMeParameter("remember-me")

But in your html 

<input type="checkbox"/> Remember Me

Spring security is not getting the parameter 'remember-me'. Try putting "remember-me" as the name in html for the checkbox. Hope that helps.

Upvotes: 2

Related Questions