Results 1 to 3 of 3

Thread: Remember me cookie not set

  1. Feb 14th, 2013, 11:18 AM #1
    vjeetje
    vjeetje is offline Junior Member
    Join Date
    Feb 2013
    Posts
    3

    Default Remember me cookie not set

    I can't seem to get a cookie of spring that remembers the session, nor is the persistent_logins table of the dataSource getting populated. Why isn't the cookie received by the client?

    Application context xml file :

    <?xml version="1.0" encoding="UTF-8"?>
    <bean:beans>
    <http>
    ...
    <remember-me data-source-ref="dataSource"
    user-service-ref="userService" />
    </http>

    <authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="userService">
    <password-encoder hash="md5" ref="passwordEncoder">
    <salt-source ref="saltSource" />
    </password-encoder>
    </authentication-provider>
    </authentication-manager>
    ...
    </bean:beans>
    login method:

    @Service
    public class AServiceImpl extends RemoteServiceServlet implements AService {
    @Override
    public boolean login(String username, String password, boolean remember) {
    Collection<GrantedAuthority> auths = userDetailsService.getGrantedAuthorities(user);
    auth = new UsernamePasswordAuthenticationToken(username, password, auths);
    Authentication result = authenticationManager.authenticate(auth);
    SecurityContextHolder.getContext().setAuthenticati on(result);
    getThreadLocalRequest().getSession().setAttribute( HttpSessionSecurityContextRepository.SPRING_SECURI TY_CONTEXT_KEY,SecurityContextHolder.getContext()) ;
    rememberMeServices.loginSuccess(getThreadLocalRequ est(),getThreadLocalResponse(), auth);
    }
    }
    Reply With Quote Reply With Quote
  2. Feb 15th, 2013, 02:54 AM #2
    vjeetje
    vjeetje is offline Junior Member
    Join Date
    Feb 2013
    Posts
    3

    Default

    Thanks for the reply, but I'm not looking to do it manually. I know there has to be a way to use the SPRING_SECURITY_REMEMBER_ME_COOKIE and I don't see a reason do it manually if Spring provides a remember-me service.

    maybe interesting note: I didn't use _spring_security_remember_me (because I don't use forms but rpc) and I don't have alwaysRememberMe set true. This is because all login/logout is done via rpc. Maybe this is the problem?

    Another small related question: the line "getThreadLocalRequest().getSession().setAttribute (HttpSessionSecurityContextRepository.SPRING_SECUR ITY_CONTEXT_KEY,SecurityContextHolder.getContext() );" looks a bit like a hack. But if I ommit it, the sessioncookie JSESSIONID is not set for some reason. Anyone know why?
    Reply With Quote Reply With Quote
  3. Feb 15th, 2013, 03:04 PM #3
    vjeetje
    vjeetje is offline Junior Member
    Join Date
    Feb 2013
    Posts
    3

    Default

    http://stackoverflow.com/questions/7...811334#7811334
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules