spring openid +记住我
public void afterPropertiesSet() {
super.afterPropertiesSet();
if (consumer == null) {
try {
consumer = new OpenID4JavaConsumer();
} catch (ConsumerException e) {
throw new IllegalArgumentException("Failed to initialize OpenID", e);
}
}
if (returnToUrlParameters.isEmpty() &&
getRememberMeServices() instanceof AbstractRememberMeServices) {
returnToUrlParameters = new HashSet<String>();
returnToUrlParameters.add(((AbstractRememberMeServices)getRememberMeServices()).getParameter());
}
}
在Spring OpenIDAuthenticationFilter里面,我可以看到上面,有什么用 returnToUrlParameters.add(((AbstractRememberMeServices)getRememberMeServices()).getParameter()); ?
在执行 openid 后,rememberMeService 与 returnto-page 有何关系?
public void afterPropertiesSet() {
super.afterPropertiesSet();
if (consumer == null) {
try {
consumer = new OpenID4JavaConsumer();
} catch (ConsumerException e) {
throw new IllegalArgumentException("Failed to initialize OpenID", e);
}
}
if (returnToUrlParameters.isEmpty() &&
getRememberMeServices() instanceof AbstractRememberMeServices) {
returnToUrlParameters = new HashSet<String>();
returnToUrlParameters.add(((AbstractRememberMeServices)getRememberMeServices()).getParameter());
}
}
Inside Spring OpenIDAuthenticationFilter, i can see above, what is the use ofreturnToUrlParameters.add(((AbstractRememberMeServices)getRememberMeServices()).getParameter()); ?
what does rememberMeService relate to returnto-page after doing openid?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
你可以阅读 Spring Security 作者 Peter Mularien 写的这篇文章
http://www.packtpub.com/article/opening -up-to-openid-with-spring-security
quote " 您会注意到,我们不提供 OpenID 登录的“记住我”选项。这是因为与供应商之间的重定向导致记住我复选框值丢失,这样,当用户成功通过身份验证时,他们将不再显示“记住我”选项,这很不幸,但最终提高了 OpenID 作为我们网站登录机制的安全性,因为 OpenID 强制用户通过提供商建立信任关系。每次登录时。
You may read this article written by Peter Mularien the author of spring security
http://www.packtpub.com/article/opening-up-to-openid-with-spring-security
quote " You'll note that we don't offer the remember me option with OpenID login. This is due to the fact that the redirection to and from the vendor causes the remember me checkbox value to be lost, such that when the user's successfully authenticated, they no longer have the remember me option indicated. This is unfortunate, but ultimately increases the security of OpenID as a login mechanism for our site, as OpenID forces the user to establish a trust relationship through the provider with each and every login. "