在Spring 3.1中使用“记住我”功能登录用户

在Spring 3.1中使用“记住我”功能登录用户

我认为您已经

<remember-me>

在配置中进行了设置。

“记住我”的工作方式是设置一个cookie，该cookie会在用户会话期满后返回用户站点时被识别。

您必须将正在使用的

RememberMeServices

（

Tokenbased

或

PersistentTokenbased

）子类化，并将onLoginSuccess（）公开。例如：

public class MyTokenbasedRememberMeServices extends PersistentTokenbasedRememberMeServices {    @Override    public void onLoginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication) {        super.onLoginSuccess(request, response, successfulAuthentication);    }   }<remember-me services-ref="rememberMeServices"/><bean id="rememberMeServices" >    <property name="userDetailsService" ref="myUserDetailsService"/>    <!-- etc --></bean>

将RememberMe服务插入到您要进行程序登录的bean中。然后

onLoginSuccess()

使用您创建的UsernamePasswordAuthenticationToken对其进行调用。这将设置cookie。

UsernamePasswordAuthenticationToken auth =     new UsernamePasswordAuthenticationToken(user, "", authorities);SecurityContextHolder.getContext().setAuthentication(auth);getRememberMeServices().onLoginSuccess(request, response, auth);

更新

@at对此有所改进，没有任何子类

RememberMeServices:

UsernamePasswordAuthenticationToken auth =     new UsernamePasswordAuthenticationToken(user, "", authorities);SecurityContextHolder.getContext().setAuthentication(auth);// This wrapper is important, it causes the RememberMeService to see// "true" for the "_spring_security_remember_me" parameter.HttpServletRequestWrapper wrapper = new HttpServletRequestWrapper(request) {    @Override public String getParameter(String name) { return "true"; } };getRememberMeServices().loginSuccess(wrapper, response, auth);