StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POAdding Remember Me functionality in already configured spring OUTH and usernamepassword token authentication system
text
Body
copied!<p>I have the following spring security configuration.</p> <pre><code><?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans" xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">  <http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager" entry-point-ref="oauthAuthenticationEntryPoint" xmlns="http://www.springframework.org/schema/security"> <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" /> <anonymous enabled="false" /> <http-basic entry-point-ref="oauthAuthenticationEntryPoint" />  <custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" /> </http> <http use-expressions="true">  <form-login login-page="/signin" login-processing-url="/signin/authenticate" authentication-failure-url="/signin?error=1" /> <logout logout-url="/signout" delete-cookies="JSESSIONID" />  <remember-me services-ref="rememberMeServices" key="myRememberMeKey" />  <intercept-url pattern="/" access="permitAll" /> <intercept-url pattern="/favicon.ico" access="permitAll" /> <intercept-url pattern="/members/**" access="permitAll" /> <intercept-url pattern="/groups/**" access="permitAll" /> <intercept-url pattern="/pubsub/**" access="permitAll" /> <intercept-url pattern="/resources/**" access="permitAll" /> <intercept-url pattern="/signup" access="permitAll" requires-channel="#{environment['application.secureChannel']}" /> <intercept-url pattern="/signin" access="permitAll" requires-channel="#{environment['application.secureChannel']}" /> <intercept-url pattern="/signin/*" access="permitAll" requires-channel="#{environment['application.secureChannel']}" /> <intercept-url pattern="/reset" access="permitAll" requires-channel="#{environment['application.secureChannel']}" />  <intercept-url pattern="/invite/accept" access="permitAll" requires-channel="#{environment['application.secureChannel']}" />  <intercept-url pattern="/admin/**" access="permitAll" /> <intercept-url pattern="/**" access="isAuthenticated()" requires-channel="#{environment['application.secureChannel']}" /> <custom-filter ref="resourceServerFilter" before="EXCEPTION_TRANSLATION_FILTER" /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider ref="usernamePasswordAuthenticationProvider" /> </authentication-manager> <bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased" xmlns="http://www.springframework.org/schema/beans"> <constructor-arg> <list> <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" /> <bean class="org.springframework.security.access.vote.RoleVoter" /> <bean class="org.springframework.security.access.vote.AuthenticatedVoter" /> </list> </constructor-arg> </bean> <bean id="jdbcRememberMeRepository" class="com.springsource.greenhouse.rememberme.JdbcRememberMeRepository" xmlns="http://www.springframework.org/schema/beans"/> <bean id="coreUserDetailsService" class="com.springsource.greenhouse.rememberme.RememberMeUserDetailsService" xmlns="http://www.springframework.org/schema/beans"/> <bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices" xmlns="http://www.springframework.org/schema/beans"> <property name="tokenRepository" ref="jdbcRememberMeRepository" /> <property name="userDetailsService" ref="coreUserDetailsService" /> <property name="key" value="myRememberMeKey" /> <property name="alwaysRemember" value="true" /> </bean>  <authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security"> <authentication-provider user-service-ref="clientDetailsUserService" /> </authentication-manager> <beans:bean id="clientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService"> <beans:constructor-arg ref="clientDetails" /> </beans:bean> <beans:bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint"> <beans:property name="realmName" value="greenhouseApi" /> </beans:bean> <beans:import resource="security-oauth-provider.xml" /> </beans:beans> </code></pre> <p>When I tick the remember-me checkbox , I see my remember-me database is populated as shown in the snapshot. Now I close the browser and try to access the url which needs sign-in. I am able to see the page. Now here I am confused about whether I am able to see the page because of login or because of remember-me. Secondly I see in the remember-me database table the last date is not updated. What can be the reasons for this?</p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload