Я настроил Spring Security с опцией запомнить меня.
<security:global-method-security secured-annotations="enabled" />
<security:http pattern="/login.html" security="none"/>
<security:http pattern="/signup.html" security="none"/>
<security:http pattern="/scripts/**" security="none"/>
<security:http pattern="/styles/**" security="none"/>
<security:http pattern="/images/**" security="none"/>
<security:http disable-url-rewriting="true" access-denied-page="/accessDenied.jsp">
<security:session-management>
<security:concurrency-control error-if-maximum-exceeded="false" max-sessions="10"/>
</security:session-management>
<security:form-login login-page="/login.html" login-processing-url="/login" authentication-failure-url="/login.html?login_error=1" default-target-url="/"/>
<security:intercept-url pattern='/**' access='ROLE_USER' />
<security:logout logout-url="/logout" logout-success-url="/"/>
<security:remember-me services-ref="rememberMeServices" />
</security:http>
, а затем и сами услуги:
<bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
<property name="tokenRepository" ref="myTokenRepository" />
<property name="userDetailsService" ref="userDetailsService" />
<property name="key" value="myRememberMeKey" />
<property name="alwaysRemember" value="true" />
</bean>
<bean id="myTokenRepository" class="com.mytwitter.web.security.MyTokenRepository">
</bean>
Я вижу в своей схеме, что токены вставляются / обновляются / удаляются в базе данных. так что это не проблема.
, но войти не удается:
2012-02-13 13:35:56,497 DEBUG [http-bio-8080-exec-5] org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices - Remember-me cookie detected - 2065616
2012-02-13 13:35:56,498 DEBUG [http-bio-8080-exec-5] org.springframework.data.mongodb.core.MongoTemplate - findOne using query: { "series" : "Ww2a8WsycNlGWxZRDubTnA=="} in db.collection: mytwitter.rememberMeTokens - 2065617
2012-02-13 13:35:56,500 DEBUG [http-bio-8080-exec-5] org.springframework.beans.factory.support.DefaultListableBeanFactory - Returning cached instance of singleton bean 'org.springframework.security.core.session.SessionRegistryImpl#0' - 2065619
2012-02-13 13:35:56,500 DEBUG [http-bio-8080-exec-5] org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices - Refreshing persistent login token for user 'aaaa', series 'Ww2a8WsycNlGWxZRDubTnA==' - 2065619
2012-02-13 13:35:56,510 DEBUG [http-bio-8080-exec-5] org.springframework.data.mongodb.core.MongoTemplate - calling update using query: { "series" : "Ww2a8WsycNlGWxZRDubTnA=="} and update: { "$set" : { "tokenValue" : "u0m7/ze3DpDInv27+JuPdQ==" , "date" : { "$date" : "2012-02-13T11:35:56.500Z"}}} in collection: rememberMeTokens - 2065629
2012-02-13 13:35:56,511 DEBUG [http-bio-8080-exec-5] org.springframework.data.mongodb.core.MongoTemplate - findOne using query: { "nickname" : "aaaa"} in db.collection: mytwitter.users - 2065630
2012-02-13 13:35:56,512 DEBUG [http-bio-8080-exec-5] org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices - Remember-me cookie accepted - 2065631
2012-02-13 13:35:56,512 DEBUG [http-bio-8080-exec-5] org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.RememberMeAuthenticationProvider - 2065631
2012-02-13 13:35:56,513 DEBUG [http-bio-8080-exec-5] org.springframework.beans.factory.support.DefaultListableBeanFactory - Returning cached instance of singleton bean 'org.springframework.security.core.session.SessionRegistryImpl#0' - 2065632
2012-02-13 13:35:56,514 DEBUG [http-bio-8080-exec-5] org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter - SecurityContextHolder not populated with remember-me token, as AuthenticationManager rejected Authentication returned by RememberMeServices: 'org.springframework.security.authentication.RememberMeAuthenticationToken@5195b417: Principal: com.mytwitter.web.security.AuthUser@15880543; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_USER'; invalidating remember-me token - 2065633
org.springframework.security.authentication.BadCredentialsException: The presented RememberMeAuthenticationToken does not contain the expected key
at org.springframework.security.authentication.RememberMeAuthenticationProvider.authenticate(RememberMeAuthenticationProvider.java:64)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:102)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:405)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:964)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:515)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:679)
2012-02-13 13:35:56,529 DEBUG [http-bio-8080-exec-5] org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices - Interactive login attempt was unsuccessful. - 2065648
2012-02-13 13:35:56,529 DEBUG [http-bio-8080-exec-5] org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices - Cancelling cookie - 2065648
На самом деле я вижу странным, что в строке 2012-02-13 13:35:56,514, которая печатает объект аутентификации, SessionId имеет значение null. Что мне не хватает?