设置 Spring Security Remember Me(持久 token 方法)后,用户的数据将存储到数据库(“persistent_token”表)中。我可以在浏览器中看到“SPRING_SECURITY_REMEMBER_ME_COOKIE”。重新启动服务器后,我刷新我的并且同一用户已登录。但是,当同一用户再次登录时,他的数据应该更新。但是,它没有更新,而是插入到数据库中。因此,一个用户在该表中有多个值。 我的 applicationSecurity.xml 是,
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/admin" access="hasRole('ADMINISTRATOR')" />
<security:intercept-url pattern="/welcome" access="isAuthenticated()" />
<security:remember-me
token-validity-seconds = "1209600"
data-source-ref = "dataSource"/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service data-source-ref="dataSource"
</security:authentication-provider>
</security:authentication-manager>
我的实体类,
@Entity
@Table(name = "persistent_logins")
public class RememberMeToken implements Serializable {
@Column(name = "username")
private String username;
@Id
@Column(name = "series")
private String series;
@Column(name = "token")
private String token;
@Column(name = "last_used")
@Temporal(javax.persistence.TemporalType.DATE)
private Date date;
public RememberMeToken(){
}
public RememberMeToken(PersistentRememberMeToken token)
{
this.username = token.getUsername();
this.series = token.getSeries();
this.token = token.getTokenValue();
this.date = token.getDate();
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getSeries() {
return series;
}
public void setSeries(String series) {
this.series = series;
}
public String getToken() {
return token;
}
public void setToken(String token) {
this.token = token;
}
public Date getDate() {
return date;
}
public void setDate(Date date) {
this.date = date;
}
}
实现PersistentTokenRepository,
@Repository
public class PersistentTokenRepositoryImpl implements PersistentTokenRepository{
@Autowired
private RememberMeTokenRepository rememberMeTokenRepository;
@Override
public void createNewToken(PersistentRememberMeToken token) {
RememberMeToken newToken = new RememberMeToken(token);
this.rememberMeTokenRepository.save(newToken);
}
@Override
public void updateToken(String series, String tokenValue, Date lastUsed) {
RememberMeToken token = this.rememberMeTokenRepository.findBySeries(series);
if(token != null)
{
token.setToken(tokenValue);
token.setDate(lastUsed);
}
}
@Override
public PersistentRememberMeToken getTokenForSeries(String series) {
RememberMeToken token = this.rememberMeTokenRepository.findBySeries(series);
return new PersistentRememberMeToken(token.getUsername(),token.getSeries(),token.getToken(),token.getDate());
}
@Override
public void removeUserTokens(String userName) {
Iterable<RememberMeToken> tokens = this.rememberMeTokenRepository.findByUserName(userName);
this.rememberMeTokenRepository.delete(tokens);
}
}
最佳答案
我认为您缺少提供用户名和 token 唯一属性,这样您就可以确保仅插入唯一行,否则如果值已更新,您还可以检查 createNewToken() 方法是否已插入电子邮件,如果电子邮件不存在,则只有您可以插入该行,这样您将获得单个电子邮件的单行,希望这对您有所帮助,问候!
关于java - Spring security Remember-me 无法正常工作,数据库表无法正常工作,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29272146/