我正在使用Grails Spring Security Plugin 2.0 RC2 .
当我通过在登录表单中添加复选框来启用(开箱即用的)功能时。
cookie 已正确创建(时间提前 2 周),但 Remember-me 机制在两种情况下不起作用:
- 当我关闭浏览器时,记住我的 cookie 就会消失。为什么?
- 当我删除 JSESSIONID cookie 时, session 不会重新生成。
另外:我不想使用需要在数据库中存储 token 的持久记住我。我想依靠基于 cookie 的记住我策略。
最佳答案
这困扰了我一整天,但我使用的是 Spring Security Plugin 1.2.7.3。
对我来说,这是配置中缺少身份验证提供程序。例如:
grails.plugins.springsecurity.providerNames = [
'rememberMeAuthenticationProvider',
'daoAuthenticationProvider',
'ldapAuthProvider',
'anonymousAuthenticationProvider']
“rememberMeAuthenticationProvider”是缺失的链接。我在设置日志级别以跟踪与我正在做的事情相关的所有事情时发现了这一点:
trace 'org.springframework.security.web.authentication.rememberme',
'org.springframework.security.web.authentication',
'org.springframework.security.web',
'org.springframework.security'
我在输出中看到了这一点(注意粗体):
2014-01-21 13:10:59,490 [http-bio-8080-exec-3] DEBUG rememberme.TokenBasedRememberMeServices - Remember-me cookie detected
2014-01-21 13:10:59,545 [http-bio-8080-exec-3] DEBUG rememberme.TokenBasedRememberMeServices - Remember-me cookie accepted
2014-01-21 13:10:59,582 [http-bio-8080-exec-3] DEBUG rememberme.RememberMeAuthenticationFilter - SecurityContextHolder not populated with remember-me token, as AuthenticationManager rejected Authentication returned by RememberMeServices: 'org.springframework.security.authentication.RememberMeAuthenticationToken@7651888e: Principal: org.codehaus.groovy.grails.plugins.springsecurity.GrailsUser@d008d6e3: invalidating remember-me token
Message: No AuthenticationProvider found for org.springframework.security.authentication.RememberMeAuthenticationToken
2014-01-21 13:10:59,638 [http-bio-8080-exec-3] DEBUG rememberme.TokenBasedRememberMeServices - Interactive login attempt was unsuccessful.
2014-01-21 13:10:59,638 [http-bio-8080-exec-3] DEBUG rememberme.TokenBasedRememberMeServices - Cancelling cookie
仅供引用,删除 JSESSIONID cookie 本质上与关闭浏览器相同:http://muras.eu/index.html%3Fp=673.html
希望有帮助!
关于spring - Grails "remember me"不工作,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20924790/