Spring Security 实现记住我功能

一、页面

在登录页面添加“记住我”选项。该选项必须是 checkbox 类型的 input 复选框,并且 name 属性必须是 remember-me(这是 Spring Security 默认读取的参数名)。


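<html>
<head>
<meta charset="UTF-8">
<title>登录</title>
</head>
<body>
    <h3>表单登录</h3>
    <!-- Posts to the login processing URL. No CSRF token field is sent, so this
         form only works while CSRF protection is disabled on the server side. -->
    <form action="/authentication/form" method="post">
        <table>
            <tr>
                <td>用户名:</td>
                <td><input type="text" name="username"></td>
            </tr>
            <tr>
                <td>密码:</td>
                <td><input type="password" name="password"></td>
            </tr>
            <tr>
                <td>图形验证码:</td>
                <td>
                    <input type="text" name="imageCode">
                    <img src="/code/image">
                </td>
            </tr>
            <tr>
                <td colspan='2'>
                    <!-- "remember-me" is the request parameter name that Spring Security's
                         remember-me support reads by default, so the checkbox must keep it. -->
                    <span style="display: none;">name remember-me 是固定的</span>
                    <input name="remember-me" type="checkbox" value="true" />
                    <span>记住我</span>
                </td>
            </tr>
            <tr>
                <td colspan="2"><button type="submit">登录</button></td>
            </tr>
        </table>
    </form>
</body>
</html>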

二、config配置

在security授权的配置类中加入rememberMe配置:

package com.xh.security.config;

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

import com.xh.security.validate.code.ValidateCodeFilter;

/**
 * Security configuration for the form-login demo: custom login page, an extra
 * filter in front of the username/password filter, and persistent-token
 * "remember me" backed by a JDBC token repository.
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** Lifetime of a remember-me token, in seconds. */
    private static final int REMEMBER_ME_VALIDITY_SECONDS = 3600;

    /** Paths that are reachable without authentication. */
    private static final String[] PUBLIC_PATHS = {
        "/myLogin.html", "/authentication/require",
        "/authentication/form", "/code/image"
    };

    @Autowired
    private AuthenticationSuccessHandler myAuthenticationSuccessHandler;

    @Autowired
    private AuthenticationFailureHandler myAuthenctiationFailureHandler;

    @Autowired
    private DataSource dataSource;

    @Autowired
    private UserDetailsService userDetailsService;

    /**
     * Exposes a BCrypt password encoder as a bean.
     *
     * @return a new {@link BCryptPasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder () {
        return new BCryptPasswordEncoder();
    }

    /**
     * Builds the repository that persists remember-me tokens through the
     * injected {@link DataSource}.
     *
     * <p>The token table is not created here. Calling
     * {@code setCreateTableOnStartup(true)} creates it at startup, but per the
     * original author's note startup fails if the table already exists, so that
     * call is left out.
     *
     * @return the JDBC-backed token repository
     */
    @Bean
    public PersistentTokenRepository persistentTokenRepository () {
        JdbcTokenRepositoryImpl jdbcTokens = new JdbcTokenRepositoryImpl();
        jdbcTokens.setDataSource(dataSource);
        return jdbcTokens;
    }

    /**
     * Wires form login, remember-me, URL authorization and CSRF settings.
     *
     * @param http the security builder to configure
     * @throws Exception propagated from the Spring Security configurers
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Presumably validates the image code submitted as "imageCode"; the
        // filter's implementation is not shown here. Failures are routed to the
        // same handler as failed logins.
        ValidateCodeFilter codeFilter = new ValidateCodeFilter();
        codeFilter.setAuthenctiationFailureHandler(myAuthenctiationFailureHandler);
        http.addFilterBefore(codeFilter, UsernamePasswordAuthenticationFilter.class);

        // Form login with a custom login page and a custom processing URL.
        http.formLogin()
                .loginPage("/authentication/require")
                .loginProcessingUrl("/authentication/form")
                .successHandler(myAuthenticationSuccessHandler)
                .failureHandler(myAuthenctiationFailureHandler);

        // Persistent-token remember-me: the cookie logs the user back in without
        // a password until the token expires, so the validity window is the
        // exposure window of a stolen cookie.
        // NOTE(review): when the site is served over HTTPS, consider
        // useSecureCookie(true) so the cookie is never sent over plain HTTP.
        http.rememberMe()
                .tokenRepository(persistentTokenRepository())
                .tokenValiditySeconds(REMEMBER_ME_VALIDITY_SECONDS)
                .userDetailsService(userDetailsService);

        // The login page and its endpoints must stay public; the original note
        // records a "too many redirects" error on 127.0.0.1 otherwise.
        // authenticated() is also satisfied by a remember-me login; routes that
        // need a fresh password login can require fullyAuthenticated() instead.
        http.authorizeRequests()
                .antMatchers(PUBLIC_PATHS).permitAll()
                .anyRequest().authenticated();

        // Turns CSRF protection OFF for the whole application (the demo login
        // form sends no CSRF token).
        // NOTE(review): with session and remember-me cookies in use, re-enable
        // CSRF protection and add the token to the form outside of a demo.
        http.csrf().disable();
    }

}
