我认为您已经
<remember-me>在配置中进行了设置。
“记住我”的工作方式是设置一个cookie,该cookie会在用户会话期满后返回用户站点时被识别。
您必须将正在使用的
RememberMeServices(
Tokenbased或
PersistentTokenbased)子类化,并将onLoginSuccess()公开。例如:
public class MyTokenbasedRememberMeServices extends PersistentTokenbasedRememberMeServices { @Override public void onLoginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication) { super.onLoginSuccess(request, response, successfulAuthentication); } }<remember-me services-ref="rememberMeServices"/><bean id="rememberMeServices" > <property name="userDetailsService" ref="myUserDetailsService"/> <!-- etc --></bean>将RememberMe服务插入到您要进行程序登录的bean中。然后
onLoginSuccess()使用您创建的UsernamePasswordAuthenticationToken对其进行调用。这将设置cookie。
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(user, "", authorities);SecurityContextHolder.getContext().setAuthentication(auth);getRememberMeServices().onLoginSuccess(request, response, auth);
更新
@at对此有所改进,没有任何子类
RememberMeServices:
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(user, "", authorities);SecurityContextHolder.getContext().setAuthentication(auth);// This wrapper is important, it causes the RememberMeService to see// "true" for the "_spring_security_remember_me" parameter.HttpServletRequestWrapper wrapper = new HttpServletRequestWrapper(request) { @Override public String getParameter(String name) { return "true"; } };getRememberMeServices().loginSuccess(wrapper, response, auth);
