RememberMeAuthenticationFilter not fired

[abernesco]

Hello,

I'm trying to activate the remember-me feature in a spring-security 3.0.3 application, but i've some problems.

The relevant part configuration is:

Code:

	<security:http>
		<security:intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY" />
		<security:intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
		<security:intercept-url pattern="/stylesheets/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
		<security:intercept-url pattern="/javascripts/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
		<security:intercept-url pattern="/images/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
		<security:intercept-url pattern="/impianti/public/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
		<security:intercept-url pattern="/buoni/public/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
		<security:intercept-url pattern="/admin/*" access="ROLE_ADMIN" />
		<security:intercept-url pattern="/**" access="ROLE_USER" />
		<security:form-login login-page="/login.jsp" authentication-failure-url="/login.jsp" default-target-url="/index.html" />
		<security:http-basic />
		<security:logout logout-success-url="/login_redirect.jsp" logout-url="/logout" />
		<security:remember-me/>
	</security:http>

	<security:authentication-manager>
		<security:authentication-provider>
			<security:password-encoder hash="md5" />
			<security:jdbc-user-service data-source-ref="dataSource"/>
		</security:authentication-provider>
	</security:authentication-manager>

The cookie is corrected created and sent along with any browser request.

When i'm already logged in the log is (as espected):

Code:

DEBUG: org.springframework.security.web.FilterChainProxy - /index.html at position 7 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter@1420fea'
DEBUG: org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter - SecurityContextHolder not populated with remember-me token, as it already contained: (etc)

But if i close and reopen the browser, the log just prints:

Code:

DEBUG: org.springframework.security.web.FilterChainProxy - /login.jsp at position 7 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter@1420fea'
DEBUG: org.springframework.security.web.FilterChainProxy - /login.jsp at position 8 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@230be4'
DEBUG: org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 96789943A570362DE4B0113A5262F0CB; Granted Authorities: ROLE_ANONYMOUS'

So it pass without firing the RememberMe filter and starting an Anononymous filter and redirecting me to the login page.

What's i'm doing wrong?

Thanks.

[pmularien]

Are you sure your browser isn't configured to clear cookies on exit? You can use an in-browser tool such as FireCookie or IE Developer Tools to look at the contents of the cookies the browser has sent for any particular domain, or an out-of-browser tool such as Fiddler2 to see what is being sent over the wire.

[abernesco]

Hello,

The cookie is still present and sent after i close and reopen the browser multiple times.

I verify the presence of the cookie with Firefox and Chrome and that the cookie is sent along with the request using Firebug and Chrome Developer Tools.