Springs Simple<记住我>不工作:-(
我正在尝试利用 Spring Security 的
<security:remember-me key="89dqj219dn910lsAc12" user-service-ref="jpaUserDetailsService"/>
虽然我使用自己的 UserDetailsService 实现(已测试且工作正常),但我也尝试过使用默认的实现来遇到相同的问题,即:
在选中“记住我”复选框的情况下登录,会按预期生成 cookie:
名称:SPRING_SECURITY_REMEMBER_ME_COOKIE;值:c2FzczoxMjg1NTIxOTI1NzY4OmIxODQ5YTE2ZDY1MDVmZDFhNWRlN2Y2NzFlMzc1MmI0;主机:本地主机;路径:/webapp;安全:否;有效期至:2010 年 9 月 26 日星期日 17:25:25 GMT)
浏览器已重新启动
cookie仍然存在
尝试访问任何安全页面都会以“访问被拒绝”错误结束:
org.springframework.security.access.AccessDeniedException:访问被拒绝
作为字符串的身份验证对象:org.springframework.security.authentication.RememberMeAuthenticationToken@ffcaab94:主体:de.myapp.businessobjects.AppUser@35c12e:用户名:用户名;密码:[受保护];启用:真;帐户未过期:true;凭证未过期:true;帐户非锁定:true;个人信息:32768; ;凭证:[受保护];已验证:真实;详细信息:org.springframework.security.web.authentication.WebAuthenticationDetails@957e:RemoteIpAddress:127.0.0.1;会话 ID:空;未授予任何权限
我很困惑,不知道出了什么问题或从哪里开始调试。请帮忙?
I am trying to make use of Spring Security's <remember-me/> authentification. The line in my security context looks like this:
<security:remember-me key="89dqj219dn910lsAc12" user-service-ref="jpaUserDetailsService"/>
Although I use my own implementation of UserDetailsService (tested & working), I have also tried with the default one running into the same issue, which is this:
Logging in with "remember-me" checkbox checked, a cookie is generated as expected:
Name: SPRING_SECURITY_REMEMBER_ME_COOKIE; Value: c2FzczoxMjg1NTIxOTI1NzY4OmIxODQ5YTE2ZDY1MDVmZDFhNWRlN2Y2NzFlMzc1MmI0; Host: localhost; Path: /webapp; Secure: No; Valid until: Sun, 26 Sep 2010 17:25:25 GMT)
The browser restarted
The cookie is still there
Trying to access any secured page ends in "Access denied" error:
org.springframework.security.access.AccessDeniedException: Access is denied
Authentication object as a String: org.springframework.security.authentication.RememberMeAuthenticationToken@ffcaab94: Principal: de.myapp.businessobjects.AppUser@35c12e: Username: username; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; PersonalInformation: 32768; ; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Not granted any authorities
I am confused an do not know what goes wrong or where to start debugging. Help, please?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
看起来用户已成功通过身份验证,但由于某种原因他没有权限(即角色)。因此,请确保您的
UserDetailsService返回的用户详细信息从UserDetails.getAuthorities()返回正确的权限。It looks like user is successfully authenticated, but for some reason he has no authorities (i.e. roles). So, make sure that user details returned by your
UserDetailsServicereturns proper authorities fromUserDetails.getAuthorities().