Databases
StackOverflow2013
Postsdbo
POSpring Security remember-me authentication from https to http cookie writing failure
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POSpring Security remember-me authentication from https to http cookie writing failure
    primarykey
    data
    text
    <p>I'm using Spring Security 3.0.5 for authentication and I'm using remember-me as well. Currently, the login page is a https page and the page that I redirect to afte successfully authentication is a http page. I use to have everything under https, but we have a few things on our site which wont operate under https in IE8, so I thought I would try this route. The below debug log seems to indicate that the cookie can't be written from https to http, is there a way to accomplish this?</p> <p>Debug Trace:</p> <pre><code>15:13:53,373 DEBUG UsernamePasswordAuthenticationFilter:289 - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@b7fef7f9: Principal: com.dc.api.model.Users@470ad8; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd148a: RemoteIpAddress: 204.17.229.254; SessionId: 1C083D7977FDD3C8D1FA94BEA6665C54; Granted Authorities: com.dc.api.model.Authority@bd4e16 15:13:53,373 DEBUG TokenBasedRememberMeServices:271 - Did not send remember-me cookie (principal did not set parameter '_spring_security_remember_me') 15:13:53,374 DEBUG TokenBasedRememberMeServices:229 - Remember-me login not requested. 15:13:53,374 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'eventDispatcher' 15:13:53,375 DEBUG SavedRequestAwareAuthenticationSuccessHandler:107 - Using default Url: /registered/home.html 15:13:53,375 DEBUG DefaultRedirectStrategy:36 - Redirecting to '/dreamcatcher/registered/home.html' </code></pre> <p>Spring Security Config:</p> <pre><code>&lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:util="http://www.springframework.org/schema/util" xmlns:context="http://www.springframework.org/schema/context" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd"&gt; &lt;context:annotation-config /&gt; &lt;context:component-scan base-package="dc" /&gt; &lt;global-method-security /&gt; &lt;http access-denied-page="/auth/denied.html"&gt; &lt;intercept-url filters="none" pattern="/javax.faces.resource/**" /&gt; &lt;intercept-url filters="none" pattern="/services/rest-api/1.0/**" /&gt; &lt;intercept-url filters="none" pattern="/preregistered/*"/&gt; &lt;intercept-url pattern="/**/*.xhtml" access="ROLE_NONE_GETS_ACCESS" /&gt; &lt;intercept-url pattern="/auth/**" access="ROLE_ANONYMOUS,ROLE_USER" /&gt; &lt;intercept-url pattern="/auth/*" access="ROLE_ANONYMOUS" /&gt; &lt;intercept-url pattern="/registered/*" access="ROLE_USER" /&gt; &lt;intercept-url pattern="/*" access="ROLE_ANONYMOUS" /&gt; &lt;form-login login-processing-url="/j_spring_security_check.html" login-page="/auth/login.html" default-target-url="/registered/home.html" authentication-failure-url="/auth/login.html" /&gt; &lt;logout invalidate-session="true" logout-url="/auth/logout.html" success-handler-ref="DCLogoutSuccessHandler"/&gt; &lt;anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/&gt; &lt;remember-me user-service-ref="userManager" key="keyvaluehere"/&gt; &lt;custom-filter after="FORM_LOGIN_FILTER" ref="xmlAuthenticationFilter"/&gt; &lt;/http&gt; &lt;!-- Configure the authentication provider --&gt; &lt;authentication-manager alias="am"&gt; &lt;authentication-provider user-service-ref="userManager"&gt; &lt;password-encoder ref="passwordEncoder" /&gt; &lt;/authentication-provider&gt; &lt;authentication-provider ref="xmlAuthenticationProvider" /&gt; &lt;/authentication-manager&gt; &lt;/beans:beans&gt; </code></pre>
    singulars
    1. PO
      singulars
      1. PTAnswer
    1. This table or related slice is empty.
    1. PTQuestion
    1. This table or related slice is empty.
    1. USc12
    plurals
    1. PL
      singulars
      1. LTLinked
    1. PL
      singulars
      1. LTLinked
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    2. PO
      singulars
      1. PTAnswer
    1. This table or related slice is empty.
    1. This table or related slice is empty.
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload