StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POHow can I use a custom configured RememberMeAuthenticationFilter in spring security?
text
Body
copied!<p>I want to use a slightly customized rememberme functionality with spring security (3.1.0).</p> <p>I declare the rememberme tag like this:</p> <pre><code><security:remember-me key="JNJRMBM" user-service-ref="gymUserDetailService" /> </code></pre> <p>As I have my own rememberme service I need to inject that into the RememberMeAuthenticationFilter which I define like this: </p> <pre><code><bean id="rememberMeFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter"> <property name="rememberMeServices" ref="gymRememberMeService"/> <property name="authenticationManager" ref="authenticationManager" /> </bean> </code></pre> <p>I have spring security integrated in a standard way in my web.xml:</p> <pre><code><filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </code></pre> <p>Everything works fine, except that the RememberMeAuthenticationFilter uses the standard RememberMeService, so I think that my defined RememberMeAuthenticationFilter is not being used.</p> <p>How can I make sure that my definition of the filter is being used? Do I need to create a custom filterchain? And if so, how can I see my current "implicit" filterchain and make sure I use the same one except my RememberMeAuthenticationFilter instead of the default one? </p> <p>Thanks for any advice and/or pointers!</p> <p>Here the complete spring-security.xml:</p> <pre><code><?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <security:http pattern="/_ui/**" security="none" />  <security:http disable-url-rewriting="true"> <security:anonymous username="anonymous" granted-authority="ROLE_ANONYMOUS" />  <security:session-management session-fixation-protection="none" />  <security:intercept-url pattern="/my-account*" access="ROLE_CUSTOMERGROUP" requires-channel="https" /> <security:intercept-url pattern="/my-account/**" access="ROLE_CUSTOMERGROUP" requires-channel="https" />  <security:intercept-url pattern="/login" requires-channel="https" /> <security:intercept-url pattern="/login/**" requires-channel="https" /> <security:intercept-url pattern="/register" requires-channel="https" /> <security:intercept-url pattern="/register/**" requires-channel="https" /> <security:intercept-url pattern="/j_spring_security_check" requires-channel="https" /> <security:intercept-url pattern="/logout" requires-channel="https" />  <security:intercept-url pattern="/cart/rollover/*" requires-channel="any" /> <security:intercept-url pattern="/cart/miniCart/*" requires-channel="any" /> <security:intercept-url pattern="/cart/show" requires-channel="any" /> <security:intercept-url pattern="/cart/lightboxmybag" requires-channel="any" /> <security:intercept-url pattern="/cart/remove/*" requires-channel="any" /> <security:intercept-url pattern="/cart/update/*" requires-channel="any" /> <security:intercept-url pattern="/cart/getProductSizes/**" requires-channel="any" /> <security:intercept-url pattern="/cart/getShippingMethods" requires-channel="any" /> <security:intercept-url pattern="/cart/setShippingMethod" requires-channel="any" /> <security:intercept-url pattern="/cart/applyVoucherDiscount" requires-channel="any" /> <security:intercept-url pattern="/cart/removeVoucherDiscount" requires-channel="any" /> <security:intercept-url pattern="/checkout/**" requires-channel="https" />  <security:intercept-url pattern="/suggest*" requires-channel="any" />  <security:intercept-url pattern="/cybersource/response" requires-channel="any" /> <security:intercept-url pattern="/cybersource/csResponse" requires-channel="http" />  <security:intercept-url pattern="/regions*" requires-channel="any" /> <security:intercept-url pattern="/regions/*" requires-channel="any" />  <security:intercept-url pattern="/popupLink/*" requires-channel="any" />  <security:intercept-url pattern="/my-addresses*" requires-channel="any" /> <security:intercept-url pattern="/my-addresses/**" requires-channel="any" /> <security:intercept-url pattern="/search/autocompleteSecure/**" requires-channel="https" />  <security:intercept-url pattern="/**" requires-channel="any" method="POST" />  <security:intercept-url pattern="/**" requires-channel="http" />  <security:form-login login-page="/login" authentication-failure-handler-ref="loginAuthenticationFailureHandler" authentication-success-handler-ref="loginGuidAuthenticationSuccessHandler" /> <security:logout logout-url="/logout" success-handler-ref="logoutSuccessHandler" /> <security:port-mappings> <security:port-mapping http="#{configurationService.configuration.getProperty('tomcat.http.port')}" https="#{configurationService.configuration.getProperty('tomcat.ssl.port')}" /> <security:port-mapping http="80" https="443" />  </security:port-mappings> <security:request-cache ref="httpSessionRequestCache" /> <security:remember-me key="JNJRMBM" user-service-ref="gymUserDetailService" /> </security:http> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider ref="acceleratorAuthenticationProvider" /> </security:authentication-manager> <bean id="acceleratorAuthenticationProvider" class="org.jnj.storefront.security.AcceleratorAuthenticationProvider" scope="tenant"> <property name="userDetailsService" ref="gymUserDetailService" /> <property name="adminGroup" value="ROLE_ADMINGROUP"/> <property name="userService" ref="userService"/> <property name="gymCustomerLoginService" ref="defaultGymCustomerLoginService"/> </bean> <bean id="gymUserDetailService" class="org.jnj.storefront.security.services.impl.GymCoreUserDetailsService" scope="tenant"> <property name="baseDao" ref="asyBaseDao" /> </bean> <bean id="coreUserDetailsService" class="de.hybris.platform.spring.security.CoreUserDetailsService" scope="tenant" /> <bean id="guidCookieStrategy" class="org.jnj.storefront.security.impl.DefaultGUIDCookieStrategy" scope="tenant"> <property name="cookieGenerator" ref="guidCookieGenerator" /> </bean> <alias name="defaultGuidCookieGenerator" alias="guidCookieGenerator"/> <bean id="defaultGuidCookieGenerator" class="org.jnj.storefront.security.cookie.EnhancedCookieGenerator" scope="tenant"> <property name="cookieSecure" value="true" /> <property name="cookieName" value="acceleratorSecureGUID" /> <property name="httpOnly" value="false"/>  </bean> <bean id="autoLoginStrategy" class="org.jnj.storefront.security.impl.DefaultAutoLoginStrategy" scope="tenant"> </bean> <bean id="httpSessionRequestCache" class="org.jnj.storefront.security.impl.WebHttpSessionRequestCache" scope="tenant" /> <bean id="loginUserType" class="org.jnj.storefront.security.impl.LoginUserTypeBean" scope="tenant" /> <bean id="redirectStrategy" class="org.springframework.security.web.DefaultRedirectStrategy" scope="tenant" />  <bean id="loginGuidAuthenticationSuccessHandler" class="org.jnj.storefront.security.GUIDAuthenticationSuccessHandler" scope="tenant"> <property name="authenticationSuccessHandler" ref="loginAuthenticationSuccessHandler" /> <property name="guidCookieStrategy" ref="guidCookieStrategy" /> </bean> <bean id="loginAuthenticationSuccessHandler" class="org.jnj.storefront.security.StorefrontAuthenticationSuccessHandler" scope="tenant"> <property name="customerFacade" ref="customerFacade" /> <property name="defaultTargetUrl" value="/my-account"/> <property name="useReferer" value="true"/> <property name="alwaysUseDefaultTargetUrl" value="false"/> <property name="requestCache" ref="httpSessionRequestCache" /> </bean> <bean id="loginCheckoutGuidAuthenticationSuccessHandler" class="org.jnj.storefront.security.GUIDAuthenticationSuccessHandler" scope="tenant"> <property name="authenticationSuccessHandler" ref="loginCheckoutAuthenticationSuccessHandler" /> <property name="guidCookieStrategy" ref="guidCookieStrategy" /> <property name="defaultGymCartFacade" ref="gymCartFacade"/> </bean> <bean id="loginCheckoutAuthenticationSuccessHandler" class="org.jnj.storefront.security.StorefrontAuthenticationSuccessHandler" scope="tenant"> <property name="customerFacade" ref="customerFacade" /> <property name="defaultTargetUrl" value="/checkout/single/summary"/> </bean>  <bean id="loginAuthenticationFailureHandler" class="org.jnj.storefront.security.LoginAuthenticationFailureHandler"> <property name="defaultFailureUrl" value="/login?error=auth"/> <property name="accountBlockedUrl" value="/login?error=blocked"/> <property name="passwordMigrationUrl" value="/login?error=migration"/> </bean> <bean id="loginCheckoutAuthenticationFailureHandler" class="org.jnj.storefront.security.LoginAuthenticationFailureHandler"> <property name="defaultFailureUrl" value="/login/checkout?error=auth"/> <property name="accountBlockedUrl" value="/login/checkout?error=blocked"/> <property name="passwordMigrationUrl" value="/login/checkout?error=migration"/> </bean>  <bean id="logoutSuccessHandler" class="org.jnj.storefront.security.StorefrontLogoutSuccessHandler" scope="tenant"> <property name="defaultTargetUrl" value="/?logout=true"/> <property name="guidCookieStrategy" ref="guidCookieStrategy"/> <property name="cmsSiteService" ref="cmsSiteService"/> </bean> <bean id="gymRememberMeService" class="org.jnj.storefront.security.cookie.DefaultRememberMeService" scope="tenant"> <property name="tokenService" ref="secureTokenService" /> <property name="rememberMeCookieGenerator" ref="defaultRememberMeCookieGenerator" /> </bean> <bean id="rememberMeFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter"> <property name="rememberMeServices" ref="gymRememberMeService"/> <property name="authenticationManager" ref="authenticationManager" /> </bean> </code></pre> <p></p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload