I have an app where remember-me was working fine for db-based accounts, but not for LDAP accounts (we support both types of authentication at the same time). Upon reading the docs and this thread:

http://forum.springsource.org/showth...t=80513&page=3

I found out that for remember-me to work with LDAP, one must use a persistent token repository so I added "tokenRepository" bean (see my config file below). I now see a cookie being created with the correct expiration date (14 days default, but I have also set 28 days and was set correctly according to IE7). There's also an entry in the persistent_logins table:

Code:
SQL> select * from persistent_logins;

USERNAME  SERIES                           TOKEN                LAST_USED
---            ----------------         --------------    ---------------------
rxf  O/IMY9qbksPZ2lg+wjRKhg==  ohaFD4CNtXxs/TNzVi98pQ==  28-MAY-10 05.56.46.283000 PM
However, when I try to login again (without logging out, after restarting the browser), I get the following messages from Spring Security:

Code:
17:57:44,987 DEBUG PersistentTokenBasedRememberMeServices - Remember-me cookie detected
...
17:57:45,581 DEBUG PersistentTokenBasedRememberMeServices - Cancelling cookie
17:57:45,581 DEBUG PersistentTokenBasedRememberMeServices - No persistent token found for series id: O/IMY9qbksPZ2lg+wjRKhg==
And I get the same whether I use an LDAP or DB account, so remember-me doesn't work anymore even for DB-type authentication.

Can anyone tell me what I'm missing? Thanks.


My full spring security configuration:

Code:
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

   <http auto-config="false">

      <intercept-url pattern="/login.html*" filters="none"/>
      <intercept-url pattern="/**" access="IS_AUTHENTICATED_REMEMBERED" />

      <form-login login-page="/login.html"
                  default-target-url="/index.html"
                  always-use-default-target="false"
                  authentication-failure-url="/login.html?login_error=1"/>

      <logout logout-success-url="/login.html" />

      <remember-me token-repository-ref="tokenRepository" />
                   <!--             token-validity-seconds="2419200" --> 
   </http>

   <ldap-server id="dex_ldap" url="ldap://my.ldapserver.com:333/dc=company,dc=com"/>

   <ldap-authentication-provider
      server-ref="dex_ldap"
      user-dn-pattern="uid={0},ou=people">
   </ldap-authentication-provider>

   <beans:bean id="dataSource"
      class="org.springframework.jdbc.datasource.DriverManagerDataSource">
      <beans:property name="driverClassName" value="oracle.jdbc.driver.OracleDriver"/>
      <beans:property name="url" value="jdbc:oracle:thin:@my.dbserver.com:1521:mydb"/>
      <beans:property name="username" value="dexuser"/>
      <beans:property name="password" value="secret"/>
   </beans:bean>

   <beans:bean id="BCrypt" class="com.my.company.dexcenter.BCryptSecurity"/>

   <authentication-provider>
      <password-encoder ref="BCrypt"/>
      <jdbc-user-service data-source-ref="dataSource"/>
   </authentication-provider>

   <beans:bean id="tokenRepository"
      class="org.springframework.security.ui.rememberme.JdbcTokenRepositoryImpl">
      <beans:property name="createTableOnStartup" value="false" />
      <beans:property name="dataSource" ref="dataSource"/>
   </beans:bean>

</beans:beans>