Spring 3.0 Remember Me

application-security.XML

Code:

<security:http access-decision-manager-ref="accessDecisionManager" access-denied-page="/home.htm?failed=true"> <security:session-management session-authentication-strategy-ref="sessionFixation" invalid-session-url="/home.htm" /> <security:form-login login-page="/standardlogin.htm" authentication-success-handler-ref="authenticationSuccessHandler" authentication-failure-handler-ref="authenticationFailureHandler" /> <security:logout logout-url="/j_spring_security_logout" logout-success-url="/home.htm" invalidate-session="true" /> <security:anonymous username="anonymous" /> <security:remember-me services-ref="rememberMeServices" key="a23eef6dfd1514cb885f47070380ff18"/> </security:http> <bean id="sessionFixation" class="de.hybris.platform.servicelayer.security.spring.HybrisSessionFixationProtectionStrategy"/> <security:global-method-security secured-annotations="enabled" access-decision-manager-ref="accessDecisionManager"/> <security:authentication-manager alias="theAuthenticationManager"> <security:authentication-provider ref="authenticationProvider" /> <security:authentication-provider ref="rememberMeAuthenticationProvider" /> </security:authentication-manager> <bean id="authenticationSuccessHandler" class="com.entertainment.ecom.web.auth.EcomAuthenticationSuccessHandler"> <constructor-arg value="/firstpage.htm"></constructor-arg> </bean> <bean id="authenticationFailureHandler" class="com.entertainment.ecom.web.auth.EcomAuthenticationFailureHandler"> <constructor-arg value="/home.htm?failed=true"></constructor-arg> </bean> <bean id="authenticationProvider" parent="ecomAuthenticationProvider" scope="tenant"/> <bean id="ecomAuthenticationProvider" class="com.entertainment.ecom.web.auth.EcomAuthenticationProvider" scope="tenant" abstract="true" /> <util:set id="authorizedGroups" value-type="java.lang.String"> <value>customergroup</value> </util:set> <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased"> <property name="decisionVoters"> <list> <bean id="notInitializedVoter" class="de.hybris.platform.spring.security.voter.HybrisNotInitializedVoter" /> <bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter" /> <bean id="authenticatedVoter" class="org.springframework.security.access.vote.AuthenticatedVoter" /> </list> </property> </bean> <bean id="ecomUserDetailsService" class="com.entertainment.ecom.web.auth.EcomUserDetailsService"/> <bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> <property name="authenticationManager" ref="theAuthenticationManager"/> <property name="filterProcessesUrl" value="/j_spring_security_check"/> <property name="rememberMeServices" ref="rememberMeServices"/> <property name="authenticationFailureHandler" ref="authenticationFailureHandler"/> <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"/> </bean> <bean id="rememberMeFilter" class= "org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter"> <property name="rememberMeServices" ref="rememberMeServices"/> <property name="authenticationManager" ref="theAuthenticationManager" /> </bean> <bean id="rememberMeServices" class= "org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices"> <property name="userDetailsService" ref="ecomUserDetailsService"/> <property name="key" value="a23eef6dfd1514cb885f47070380ff18"/> <property name="parameter" value="_spring_security_remember_me"/> <property name="cookieName" value="ENTC"/> <property name="tokenValiditySeconds" value="80000"/> </bean> <bean id="rememberMeAuthenticationProvider" class= "org.springframework.security.authentication.RememberMeAuthenticationProvider"> <property name="key" value="a23eef6dfd1514cb885f47070380ff18"/> </bean> <bean id="myfilterChainProxy" class="org.springframework.security.web.FilterChainProxy"> <security:filter-chain-map path-type="ant"> <security:filter-chain pattern="/firstpage.htm" filters="authenticationFilter,rememberMeFilter"/> </security:filter-chain-map> </bean>

login.jsp

Code:

<form id="loginForm" name="loginForm" method="post" action="j_spring_security_check?standardlogin"> <input class="textBox" type="text" name="j_username" id="j_username" /> <input class="textBox" type="password" name="j_password" id="j_password" /> <input type="checkbox" class="chkinput" name="_spring_security_remember_me" value="" checked="checked"/>

Trying to implement "Remember Me" in "Simple Hash-Based Token Approach"
1)Is the above configuration complete and correct? Even cookie is not created.
2)In login.jsp should the name of checkbox be "_spring_security_remember_me".
3)Giving context path for <security:filter-chain pattern="/ecomweb"
4)can the key be any unique value="e4d909c290d0fb1ca068ffaddf22cbd0"
5)difference between this <security:form-login login-page="/standardlogin.htm"

and

<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentica tion.LoginUrlAuthenticationEntryPoint">
<property name="loginFormUrl" value="/standardlogin.htm"/>

6)What is the sequence of remember me authentication process from when we check?

Please guide me resolve the issue.
the checkbox in JSP

Set the "value" attribute in the HTML for the checkbox to "true"; otherwise your browser will not send a value for the form field even though it is checked. That's a good place to start, if it still doesn't work, enable debug logging or use a debugger!

Have you set token-validity-seconds in the XML configuration? Assuming the browser is not configured to clear cookies upon close, the cookie should be retained for as long as the time that is configured in the XML (by default, 2 weeks). What browser are you using and how have you verified that the cookie is in fact being set?

On IE and Chrome ,its working fine.

Quote:

Originally Posted by sand_sio2

On IE and Chrome ,its working fine.

Thanks. Can you please answer the rest of my questions? Also, what browser is it failing on?

I was unable to see the cookie in Mozilla after restart.