Spring 3.0 Remember Me
application-security.XML
login.jspCode:<security:http access-decision-manager-ref="accessDecisionManager" access-denied-page="/home.htm?failed=true"> <security:session-management session-authentication-strategy-ref="sessionFixation" invalid-session-url="/home.htm" /> <security:form-login login-page="/standardlogin.htm" authentication-success-handler-ref="authenticationSuccessHandler" authentication-failure-handler-ref="authenticationFailureHandler" /> <security:logout logout-url="/j_spring_security_logout" logout-success-url="/home.htm" invalidate-session="true" /> <security:anonymous username="anonymous" /> <security:remember-me services-ref="rememberMeServices" key="a23eef6dfd1514cb885f47070380ff18"/> </security:http> <bean id="sessionFixation" class="de.hybris.platform.servicelayer.security.spring.HybrisSessionFixationProtectionStrategy"/> <security:global-method-security secured-annotations="enabled" access-decision-manager-ref="accessDecisionManager"/> <security:authentication-manager alias="theAuthenticationManager"> <security:authentication-provider ref="authenticationProvider" /> <security:authentication-provider ref="rememberMeAuthenticationProvider" /> </security:authentication-manager> <bean id="authenticationSuccessHandler" class="com.entertainment.ecom.web.auth.EcomAuthenticationSuccessHandler"> <constructor-arg value="/firstpage.htm"></constructor-arg> </bean> <bean id="authenticationFailureHandler" class="com.entertainment.ecom.web.auth.EcomAuthenticationFailureHandler"> <constructor-arg value="/home.htm?failed=true"></constructor-arg> </bean> <bean id="authenticationProvider" parent="ecomAuthenticationProvider" scope="tenant"/> <bean id="ecomAuthenticationProvider" class="com.entertainment.ecom.web.auth.EcomAuthenticationProvider" scope="tenant" abstract="true" /> <util:set id="authorizedGroups" value-type="java.lang.String"> <value>customergroup</value> </util:set> <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased"> <property name="decisionVoters"> <list> <bean id="notInitializedVoter" class="de.hybris.platform.spring.security.voter.HybrisNotInitializedVoter" /> <bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter" /> <bean id="authenticatedVoter" class="org.springframework.security.access.vote.AuthenticatedVoter" /> </list> </property> </bean> <bean id="ecomUserDetailsService" class="com.entertainment.ecom.web.auth.EcomUserDetailsService"/> <bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> <property name="authenticationManager" ref="theAuthenticationManager"/> <property name="filterProcessesUrl" value="/j_spring_security_check"/> <property name="rememberMeServices" ref="rememberMeServices"/> <property name="authenticationFailureHandler" ref="authenticationFailureHandler"/> <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"/> </bean> <bean id="rememberMeFilter" class= "org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter"> <property name="rememberMeServices" ref="rememberMeServices"/> <property name="authenticationManager" ref="theAuthenticationManager" /> </bean> <bean id="rememberMeServices" class= "org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices"> <property name="userDetailsService" ref="ecomUserDetailsService"/> <property name="key" value="a23eef6dfd1514cb885f47070380ff18"/> <property name="parameter" value="_spring_security_remember_me"/> <property name="cookieName" value="ENTC"/> <property name="tokenValiditySeconds" value="80000"/> </bean> <bean id="rememberMeAuthenticationProvider" class= "org.springframework.security.authentication.RememberMeAuthenticationProvider"> <property name="key" value="a23eef6dfd1514cb885f47070380ff18"/> </bean> <bean id="myfilterChainProxy" class="org.springframework.security.web.FilterChainProxy"> <security:filter-chain-map path-type="ant"> <security:filter-chain pattern="/firstpage.htm" filters="authenticationFilter,rememberMeFilter"/> </security:filter-chain-map> </bean>
Trying to implement "Remember Me" in "Simple Hash-Based Token Approach"Code:<form id="loginForm" name="loginForm" method="post" action="j_spring_security_check?standardlogin"> <input class="textBox" type="text" name="j_username" id="j_username" /> <input class="textBox" type="password" name="j_password" id="j_password" /> <input type="checkbox" class="chkinput" name="_spring_security_remember_me" value="" checked="checked"/>
1)Is the above configuration complete and correct? Even cookie is not created.
2)In login.jsp should the name of checkbox be "_spring_security_remember_me".
3)Giving context path for <security:filter-chain pattern="/ecomweb"
4)can the key be any unique value="e4d909c290d0fb1ca068ffaddf22cbd0"
5)difference between this <security:form-login login-page="/standardlogin.htm"
and
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentica tion.LoginUrlAuthenticationEntryPoint">
<property name="loginFormUrl" value="/standardlogin.htm"/>
6)What is the sequence of remember me authentication process from when we check?
Please guide me resolve the issue.
the checkbox in JSP
Reply With Quote
Originally Posted by sand_sio2
