【发布时间】:2013-03-18 13:45:41
【问题描述】:
我登录了我的网站。 Cookie 正确创建。
我看到了 JSESSIONID 和 SPRING_SECURITY_REMEMBER_ME_COOKIE(此时它的名字是 testMecook)。没关系
然后,我关闭浏览器,然后打开它。并删除了 SPRING_SECURITY_REMEMBER_ME_COOKIE 字段。为什么?
我的配置弹簧安全是
<http pattern="/resources" security="none" />
<http use-expressions="true" disable-url-rewriting="true">
<intercept-url pattern="/" access="permitAll"/>
<form-login login-page="/users/login"
authentication-failure-url="/users/loginfail"
default-target-url="/"/>
<access-denied-handler error-page="/users/denied"/>
<logout logout-success-url="/" delete-cookies="JSESSIONID, testMecook"/>
<remember-me key="TestCOOK" services-ref="rememberMeService"/>
<anonymous/>
</http>
<authentication-manager erase-credentials="false">
<authentication-provider ref="authenticationProvider"/>
</authentication-manager>
<beans:bean id="rememberMeService"
class="org.xxx.security.CustomRememberMeService">
<beans:property name="key" value="TestCOOK"/>
<beans:property name="userDetailsService" ref="customUserDetailsService"/>
<beans:property name="cookieName" value="testMecook"/>
</beans:bean>
<beans:bean id="authenticationProvider"
class="org.xxx.security.provider.UserAuthenticationProvider"/>
<beans:bean id="customUserDetailsService"
class="org.xxx.security.provider.UserDetailsServiceImpl"/>
【问题讨论】:
标签: spring security remember-me