Thread: Authentication in AWS EC2 environment

  1. #1
    Join Date
    Mar 2011
    Posts
    3

    Authentication in AWS EC2 environment

    I am trying to set up Spring Security 3.1 where once a user logs in, the user can hit any web server without being required to log in again. So if I have a session timeout of, say, 15 minutes, the user should only have to log in again after 15 minutes of inactivity.

    I thought to use PersistentTokenBasedRememberMeServices; however, it does not update the column last_used in the persistent_logins table after each user request. So it only works since the user last logged in.

    This would seem to be a common use case; however, I can't find a simple solution for it using Spring Security. I thought about creating my own cookie and using a filter to update the SecurityContext if the cookie passed my validation and the SecurityContext did not exist yet.

    Any suggestions for a solution to my problem? Thanks!

  2. #2
    Join Date
    Mar 2011
    Posts
    3

    The solution I used was

    <http>
        ...
        <custom-filter before="REMEMBER_ME_FILTER" ref="myRememberMe" />
        <remember-me services-ref="rememberMeServices" />
    </http>

    <bean id="myRememberMe" class="com.company.MyRememberMeAuthenticationFilter">
        <property name="rememberMeServices" ref="rememberMeServices" />
    </bean>
    <bean id="rememberMeServices"
          class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
        <property name="userDetailsService" ref="userDetailsService" />
        <property name="key" value="whatever" />
        <property name="tokenValiditySeconds" value="600" />
        <property name="alwaysRemember" value="true" />
    </bean>


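    import java.io.IOException;
    import javax.servlet.FilterChain;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.security.core.context.SecurityContextHolder;
    import org.springframework.security.web.authentication.RememberMeServices;
    import org.springframework.web.filter.GenericFilterBean;

    public class MyRememberMeAuthenticationFilter extends GenericFilterBean {

        private RememberMeServices rememberMeServices;

        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;

            // Re-issue the remember-me cookie on every authenticated request so its expiry slides
            if (SecurityContextHolder.getContext().getAuthentication() != null) {
                getRememberMeServices().loginSuccess(request, response, SecurityContextHolder.getContext().getAuthentication());
            }
            chain.doFilter(request, response);
        }

        public RememberMeServices getRememberMeServices() { return rememberMeServices; }
        public void setRememberMeServices(RememberMeServices rememberMeServices) { this.rememberMeServices = rememberMeServices; }
    }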
