TokenBasedRememberMeServices 加密解密

最新推荐文章于 2023-05-28 13:48:22 发布
最新推荐文章于 2023-05-28 13:48:22 发布
阅读量1.8k 收藏
点赞数
分类专栏: md5 java 文章标签: 加密 解密 base64 md5 security
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/fendou4533/article/details/26888287
版权
java 同时被 2 个专栏收录
152 篇文章 1 订阅
订阅专栏
md5
2 篇文章 0 订阅
订阅专栏


最近看cas发现加密解密的一个好的工具类,先做个笔记,有时间再仔细研究下


代码来自  http://java2s.com/Open-Source/Java/Security/acegi-security/org/acegisecurity/ui/rememberme/TokenBasedRememberMeServices.java.htm


TokenBasedRememberMeServices.java :  » Security » acegi-security » org » acegisecurity » ui » rememberme » Java Open Source
Java Open Source » Security » acegi security	 	
acegi security » org » acegisecurity » ui » rememberme » TokenBasedRememberMeServices.java

/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.acegisecurity.ui.rememberme;

import java.util.Date;
import java.util.Map;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.acegisecurity.Authentication;
import org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken;
import org.acegisecurity.ui.AccessDeniedHandler;
import org.acegisecurity.ui.AuthenticationDetailsSource;
import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
import org.acegisecurity.ui.logout.LogoutHandler;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.RequestUtils;

/**
 * Identifies previously remembered users by a Base-64 encoded cookie.
 * 
 * <p>
 * This implementation does not rely on an external database, so is attractive
 * for simple applications. The cookie will be valid for a specific period from
 * the date of the last
 * {@link #loginSuccess(HttpServletRequest, HttpServletResponse, Authentication)}.
 * As per the interface contract, this method will only be called when the
 * principal completes a successful interactive authentication. As such the time
 * period commences from the last authentication attempt where they furnished
 * credentials - not the time period they last logged in via remember-me. The
 * implementation will only send a remember-me token if the parameter defined by
 * {@link #setParameter(String)} is present.
 * </p>
 * 
 * <p>
 * An {@link org.acegisecurity.userdetails.UserDetailsService} is required by
 * this implementation, so that it can construct a valid
 * <code>Authentication</code> from the returned {@link
 * org.acegisecurity.userdetails.UserDetails}. This is also necessary so that
 * the user's password is available and can be checked as part of the encoded
 * cookie.
 * </p>
 * 
 * <p>
 * The cookie encoded by this implementation adopts the following form:
 * 
 * <pre>
 * username + ":" + expiryTime + ":" + Md5Hex(username + ":" + expiryTime + ":" + password + ":" + key)
 * </pre>
 * 
 * </p>
 * <p>
 * As such, if the user changes their password any remember-me token will be
 * invalidated. Equally, the system administrator may invalidate every
 * remember-me token on issue by changing the key. This provides some reasonable
 * approaches to recovering from a remember-me token being left on a public
 * machine (eg kiosk system, Internet cafe etc). Most importantly, at no time is
 * the user's password ever sent to the user agent, providing an important
 * security safeguard. Unfortunately the username is necessary in this
 * implementation (as we do not want to rely on a database for remember-me
 * services) and as such high security applications should be aware of this
 * occasionally undesired disclosure of a valid username.
 * </p>
 * <p>
 * This is a basic remember-me implementation which is suitable for many
 * applications. However, we recommend a database-based implementation if you
 * require a more secure remember-me approach.
 * </p>
 * <p>
 * By default the tokens will be valid for 14 days from the last successful
 * authentication attempt. This can be changed using
 * {@link #setTokenValiditySeconds(long)}.
 * </p>
 * 
 * @author Ben Alex
 * @version $Id: TokenBasedRememberMeServices.java 1871 2007-05-25 03:12:49Z
 * benalex $
 */
public class TokenBasedRememberMeServices implements RememberMeServices, InitializingBean, LogoutHandler {
  // ~ Static fields/initializers
  // =====================================================================================

  public static final String ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY = "ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE";

  public static final String DEFAULT_PARAMETER = "_acegi_security_remember_me";

  protected static final Log logger = LogFactory.getLog(TokenBasedRememberMeServices.class);

  // ~ Instance fields
  // ================================================================================================

  protected AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();

  private String key;

  private String parameter = DEFAULT_PARAMETER;

  private UserDetailsService userDetailsService;

  protected long tokenValiditySeconds = 1209600; // 14 days

  private boolean alwaysRemember = false;

  private static final int DEFAULT_ORDER = Integer.MAX_VALUE; // ~ default

  private String cookieName = ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY;

  // ~ Methods
  // ========================================================================================================

  public void afterPropertiesSet() throws Exception {
    Assert.hasLength(key);
    Assert.hasLength(parameter);
    Assert.hasLength(cookieName);
    Assert.notNull(userDetailsService);
  }

  /**
   * Introspects the <code>Applicationcontext</code> for the single instance
   * of {@link AccessDeniedHandler}. If found invoke
   * setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) method by
   * providing the found instance of accessDeniedHandler as a method
   * parameter. If more than one instance of <code>AccessDeniedHandler</code>
   * is found, the method throws <code>IllegalStateException</code>.
   * 
   * @param applicationContext to locate the instance
   */
  private void autoDetectAndUseAnyUserDetailsService(ApplicationContext applicationContext) {
    Map map = applicationContext.getBeansOfType(UserDetailsService.class);
    if (map.size() > 1) {
      throw new IllegalArgumentException(
          "More than one UserDetailsService beans detected please refer to the one using "
              + " [ principalRepositoryBeanRef  ] " + "attribute");
    }
    else if (map.size() == 1) {
      setUserDetailsService((UserDetailsService) map.values().iterator().next());
    }
  }

  public Authentication autoLogin(HttpServletRequest request, HttpServletResponse response) {
    Cookie[] cookies = request.getCookies();

    if ((cookies == null) || (cookies.length == 0)) {
      return null;
    }

    for (int i = 0; i < cookies.length; i++) {
      if (cookieName.equals(cookies[i].getName())) {
        String cookieValue = cookies[i].getValue();

        for (int j = 0; j < cookieValue.length() % 4; j++) {
          cookieValue = cookieValue + "=";
        }

        if (Base64.isArrayByteBase64(cookieValue.getBytes())) {
          if (logger.isDebugEnabled()) {
            logger.debug("Remember-me cookie detected");
          }

          // Decode token from Base64
          // format of token is:
          // username + ":" + expiryTime + ":" +
          // Md5Hex(username + ":" + expiryTime + ":" + password + ":"
          // + key)
          String cookieAsPlainText = new String(Base64.decodeBase64(cookieValue.getBytes()));
          String[] cookieTokens = StringUtils.delimitedListToStringArray(cookieAsPlainText, ":");

          if (cookieTokens.length == 3) {

            long tokenExpiryTime;

            try {
              tokenExpiryTime = new Long(cookieTokens[1]).longValue();
            }
            catch (NumberFormatException nfe) {
              cancelCookie(request, response,
                  "Cookie token[1] did not contain a valid number (contained '" + cookieTokens[1]
                      + "')");

              return null;
            }

            if (isTokenExpired(tokenExpiryTime)) {
              cancelCookie(request, response, "Cookie token[1] has expired (expired on '"
                  + new Date(tokenExpiryTime) + "'; current time is '" + new Date() + "')");

              return null;
            }

            // Check the user exists
            // Defer lookup until after expiry time checked, to
            // possibly avoid expensive lookup
            UserDetails userDetails = loadUserDetails(request, response, cookieTokens);

            if (userDetails == null) {
              cancelCookie(request, response, "Cookie token[0] contained username '" + cookieTokens[0]
                  + "' but was not found");
              return null;
            }

            if (!isValidUserDetails(request, response, userDetails, cookieTokens)) {
              return null;
            }

            // Check signature of token matches remaining details
            // Must do this after user lookup, as we need the
            // DAO-derived password
            // If efficiency was a major issue, just add in a
            // UserCache implementation,
            // but recall this method is usually only called one per
            // HttpSession
            // (as if the token is valid, it will cause
            // SecurityContextHolder population, whilst
            // if invalid, will cause the cookie to be cancelled)
            String expectedTokenSignature = makeTokenSignature(tokenExpiryTime, userDetails);

            if (!expectedTokenSignature.equals(cookieTokens[2])) {
              cancelCookie(request, response, "Cookie token[2] contained signature '" + cookieTokens[2]
                  + "' but expected '" + expectedTokenSignature + "'");

              return null;
            }

            // By this stage we have a valid token
            if (logger.isDebugEnabled()) {
              logger.debug("Remember-me cookie accepted");
            }

            RememberMeAuthenticationToken auth = new RememberMeAuthenticationToken(this.key, userDetails,
                userDetails.getAuthorities());
            auth.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));

            return auth;
          }
          else {
            cancelCookie(request, response, "Cookie token did not contain 3 tokens; decoded value was '"
                + cookieAsPlainText + "'");

            return null;
          }
        }
        else {
          cancelCookie(request, response, "Cookie token was not Base64 encoded; value was '" + cookieValue
              + "'");

          return null;
        }
      }
    }

    return null;
  }

  /**
   * @param tokenExpiryTime
   * @param userDetails
   * @return
   */
  protected String makeTokenSignature(long tokenExpiryTime, UserDetails userDetails) {
    String expectedTokenSignature = DigestUtils.md5Hex(userDetails.getUsername() + ":" + tokenExpiryTime + ":"
        + userDetails.getPassword() + ":" + this.key);
    return expectedTokenSignature;
  }

  protected boolean isValidUserDetails(HttpServletRequest request, HttpServletResponse response,
      UserDetails userDetails, String[] cookieTokens) {
    // Immediately reject if the user is not allowed to
    // login
    if (!userDetails.isAccountNonExpired() || !userDetails.isCredentialsNonExpired() || !userDetails.isEnabled()) {
      cancelCookie(request, response, "Cookie token[0] contained username '" + cookieTokens[0]
          + "' but account has expired, credentials have expired, or user is disabled");

      return false;
    }
    return true;
  }

  protected UserDetails loadUserDetails(HttpServletRequest request, HttpServletResponse response,
      String[] cookieTokens) {
    UserDetails userDetails = null;

    try {
      userDetails = this.userDetailsService.loadUserByUsername(cookieTokens[0]);
    }
    catch (UsernameNotFoundException notFound) {
      cancelCookie(request, response, "Cookie token[0] contained username '" + cookieTokens[0]
          + "' but was not found");

      return null;
    }
    return userDetails;
  }

  protected boolean isTokenExpired(long tokenExpiryTime) {
    // Check it has not expired
    if (tokenExpiryTime < System.currentTimeMillis()) {
      return true;
    }
    return false;
  }

  protected void cancelCookie(HttpServletRequest request, HttpServletResponse response, String reasonForLog) {
    if ((reasonForLog != null) && logger.isDebugEnabled()) {
      logger.debug("Cancelling cookie for reason: " + reasonForLog);
    }

    response.addCookie(makeCancelCookie(request));
  }

  public String getKey() {
    return key;
  }

  public String getParameter() {
    return parameter;
  }

  public long getTokenValiditySeconds() {
    return tokenValiditySeconds;
  }

  public UserDetailsService getUserDetailsService() {
    return userDetailsService;
  }

  public void loginFail(HttpServletRequest request, HttpServletResponse response) {
    cancelCookie(request, response, "Interactive authentication attempt was unsuccessful");
  }

  protected boolean rememberMeRequested(HttpServletRequest request, String parameter) {
    if (alwaysRemember) {
      return true;
    }

    return RequestUtils.getBooleanParameter(request, parameter, false);
  }

  public void loginSuccess(HttpServletRequest request, HttpServletResponse response,
      Authentication successfulAuthentication) {
    // Exit if the principal hasn't asked to be remembered
    if (!rememberMeRequested(request, parameter)) {
      if (logger.isDebugEnabled()) {
        logger.debug("Did not send remember-me cookie (principal did not set parameter '" + this.parameter
            + "')");
      }

      return;
    }

    // Determine username and password, ensuring empty strings
    Assert.notNull(successfulAuthentication.getPrincipal());
    Assert.notNull(successfulAuthentication.getCredentials());

    String username = retrieveUserName(successfulAuthentication);
    String password = retrievePassword(successfulAuthentication);

    // If unable to find a username and password, just abort as
    // TokenBasedRememberMeServices unable to construct a valid token in
    // this case
    if (!StringUtils.hasLength(username) || !StringUtils.hasLength(password)) {
      return;
    }

    long expiryTime = System.currentTimeMillis() + (tokenValiditySeconds * 1000);

    // construct token to put in cookie; format is:
    // username + ":" + expiryTime + ":" + Md5Hex(username + ":" +
    // expiryTime + ":" + password + ":" + key)
    String signatureValue = DigestUtils.md5Hex(username + ":" + expiryTime + ":" + password + ":" + key);
    String tokenValue = username + ":" + expiryTime + ":" + signatureValue;
    String tokenValueBase64 = new String(Base64.encodeBase64(tokenValue.getBytes()));
    response.addCookie(makeValidCookie(tokenValueBase64, request, tokenValiditySeconds));

    if (logger.isDebugEnabled()) {
      logger
          .debug("Added remember-me cookie for user '" + username + "', expiry: '" + new Date(expiryTime)
              + "'");
    }
  }

  public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
    cancelCookie(request, response, "Logout of user "
        + (authentication == null ? "Unknown" : authentication.getName()));
  }

  protected String retrieveUserName(Authentication successfulAuthentication) {
    if (isInstanceOfUserDetails(successfulAuthentication)) {
      return ((UserDetails) successfulAuthentication.getPrincipal()).getUsername();
    }
    else {
      return successfulAuthentication.getPrincipal().toString();
    }
  }

  protected String retrievePassword(Authentication successfulAuthentication) {
    if (isInstanceOfUserDetails(successfulAuthentication)) {
      return ((UserDetails) successfulAuthentication.getPrincipal()).getPassword();
    }
    else {
      return successfulAuthentication.getCredentials().toString();
    }
  }

  private boolean isInstanceOfUserDetails(Authentication authentication) {
    return authentication.getPrincipal() instanceof UserDetails;
  }

  protected Cookie makeCancelCookie(HttpServletRequest request) {
    Cookie cookie = new Cookie(cookieName, null);
    cookie.setMaxAge(0);
    cookie.setPath(StringUtils.hasLength(request.getContextPath()) ? request.getContextPath() : "/");

    return cookie;
  }

  protected Cookie makeValidCookie(String tokenValueBase64, HttpServletRequest request, long maxAge) {
    Cookie cookie = new Cookie(cookieName, tokenValueBase64);
    cookie.setMaxAge(new Long(maxAge).intValue());
    cookie.setPath(StringUtils.hasLength(request.getContextPath()) ? request.getContextPath() : "/");

    return cookie;
  }

  public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
    Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
    this.authenticationDetailsSource = authenticationDetailsSource;
  }

  public void setKey(String key) {
    this.key = key;
  }

  public void setParameter(String parameter) {
    this.parameter = parameter;
  }

  public void setCookieName(String cookieName) {
    this.cookieName = cookieName;
  }

  public void setTokenValiditySeconds(long tokenValiditySeconds) {
    this.tokenValiditySeconds = tokenValiditySeconds;
  }

  public void setUserDetailsService(UserDetailsService userDetailsService) {
    this.userDetailsService = userDetailsService;
  }

  public boolean isAlwaysRemember() {
    return alwaysRemember;
  }

  public void setAlwaysRemember(boolean alwaysRemember) {
    this.alwaysRemember = alwaysRemember;
  }

  public String getCookieName() {
    return cookieName;
  }

}


fendou4533
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Security登录实现记住我功能
weixin_38927257的博客
11-05 786
文章目录模拟场景原理记住我流程:实现登录页面添加记住我checkboxBrowserSecurityConfig 中初始化 PersistentTokenRepositoryBrowserProperties 加入记住时间属性上一节的错误 启动报错测试首次登录AbstractAuthenticationProcessingFilter#successfulAuthentication**二次登录R...
sso 登出_SSO单点登录/登出系统实现
weixin_30843553的博客
01-12 1017
先把源码贴出来,再慢慢讲解思路和原理以及实现方式-->源代码1.0整合了Mybatis +redis/redis集群二级缓存+cookie加密机制+token-->源代码2.1 密码:5npa1 什么是单点登录?2 功能分析单点登录这里我用三个工程来 实现和演示1 ssoServer 是认证中心,所有用户的登录操作都在这里完成基于maven ,使用ssm搭建2 sso_app1 系统...
TokenBasedRememberMeServices
Leon_Jinhai_Sun的博客
05-11 489
在开启记住我后如果没有加入额外配置默认实现就是由TokenBasedRememberMeServices进行的实现。查看这个类源码中 processAutoLoginCookie 方法实现: processAutoLoginCookie 方法主要用来验证 Cookie 中的令牌信息是否合法: 首先判断 cookieTokens 长度是否为了,不为了说明格式不对,则直接抛出异常。 从cookieTokens 数组中提取出第 1项,也就是过期时间,判断令牌是否过期,如果己经过期,则拋出异常
Acegi学习心得《二》
kyleo
03-26 102
在配置Acegi Filter Chain Proxy是设定了targetClass,并制定了其代表的类,并在其他配置文件中声明了其具体的实现。其中实现是通过指定filterInvocationDefinitionSource的。如下: [code="java"] CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON ...
Spring Security 06 Rember Me
weixin_46058921的博客
05-07 499
当用户通过用户名/密码的形式登录成功后,系统会根据用户的用户名、密码以及令牌的过期时间计算出一个签名,这个签名使用 MD5 消息摘要算法生成,是不可逆的。然后再将用户名、令牌过期时间以及签名拼接成一个字符串,中间用“:” 隔开,对拼接好的字符串进行Base64 编码,然后将编码后的结果返回到前端,也就是我们在浏览器中看到的令牌。
Android AES加密解密
最新发布
07-28
//加密解密的key String key = "1234567890"; //输入的内容 String encryptData = etData.getText().toString(); //点击加密按钮,显示加密后的内容 tvEncryption.setText(AESUtils.encrypt(key, encryptData)); //...
C#加密解密DeEncryptHelper.zip
04-25
DES加密/解密类。 加密 加密数据 解密 解密数据 得到随机安全码(哈希加密)。 得到随机哈希加密字符串 哈希加密一个字符串 RSA加密解密及RSA签名和验证 RSA 的密钥产生 产生私钥 和公钥 RSA 方式加密 RSA的解密...
Springboot实现密码的加密解密
08-28
Java 的加密解密 API 提供了多种加密解密算法,例如 AES、RSA 等。这些算法可以用来实现密码的加密解密。 下面是一个简单的示例代码,演示如何使用 Java 的加密解密 API 实现密码的加密解密: ```java import ...
加密解密C#
03-16
在IT行业中,加密解密是信息安全领域的重要组成部分,特别是在软件开发中,如C#编程。本文将深入探讨C#中的加密解密技术,并结合提供的压缩包文件"okbase.net",来阐述相关知识点。 首先,加密是将明文数据转化为...
VB字符串加密解密
05-12
在VB(Visual Basic)编程中,字符串加密解密是信息安全的重要组成部分,它涉及到数据的保护,以防止未经授权的访问。下面将详细讲解VB字符串加密解密的基本概念、常用方法以及实现过程。 首先,理解加密的基本...
SpringSecurity的记住登录实现过程———【RememberMeServices】分析过程
SunRains
12-09 1458
在上一篇文章《SpringSecurity的认证流程分析(各个组件之间的关联)》介绍认证的基本流程时,其中的AbstractAuthenticationProcessingFilter有这样一个属性——RememberMeService引起我的注意,虽然从字面上很容易理解这个属性是和记住登录有关。但是其中的实现过程又是如何不深入还真不清楚,所以秉着学习的态度专门了解一下Security中对这个功能的实现。 在了解之前,先要清楚为什么会需要这个类来实现?当我们在很多网站上注册...
【spring security】spring security前后端分离设置rememberMe(一)
Meditation_Crazy
09-28 1297
文章目录前言解决过程解决总结 前言 前面基础的登录,权限验证等都已经完成了,现在想实现记住密码的操作,按网上博客来实现了一翻,却总是失败,token并没有存储到persistent_logins表。 解决过程 经过调试发现是因为当登录成功的时候,rememberMeServices执行的方法是NullRememberMeServices下面的: 可以看到它执行了NullRememberMeServices下面的方法。 然后查看另外一个实现类下面的代码AbstractRememberMeServic
Spring Security 的 RememberMe 详解 !!!!!
weixin_52834606的博客
09-03 3211
spring security 记住我 rememberMe
史上最简单的Spring Security教程(三十七):RememberMe记住我原理剖析
银河架构师的博客
10-20 1551
​用户登录中常用的RememberMe-记住我功能,通俗来讲,即用户成功登录一次以后,系统自动记住该用户一段时间(可配置,Spring Security 框架默认为两周)。而在此时间段内,用户不必重新登录即可访问系统资源。本文即对Spring Security框架提供的RememberMe-记住我实现逻辑进行详细讲解,剖析其实现过程。 用户登录 首先,在用户登录时,如果用户勾选了 记住我 选项,则系统会将该用户的一些信息进行处理,以便下次不必登录即可访问系统。在第一次登录时,请求会由 Us...
SpringSecurity之RememberMe功能的原理
qq_16159433的博客
10-17 496
在大多数网站中,都会实现RememberMe这个功能,方便用户在下一次登录时直接登录,避免再次输入用户名以及密码去登录,下面,主要讲解如何使用Spring Security实现记住我这个功能以及深入源码探究它的原理。 首先,如下图所示为Spring Security实现RememberMe功能的原理图: 核心接口:RememberMeService 先来看看RememberMeService接口的3个方法 方法名 执行时间 描述 autoLogin 收到请求时,由RememberMeA
Spring Security内存令牌
Leon_Jinhai_Sun的博客
05-12 196
PersistentTokenBasedRememberMeServices 不同于 TokonBasedRemornberMeServices 中的 processAutologinCookie 方法,这里cookieTokens 数组的长度为2,第一项是series,第二项是 token。 从cookieTokens数组中分到提取出 series 和 token. 然后根据 series 去内存中查询出一个 PersistentRememberMeToken对象。如果查询出来的对象为
SpringSecurity之RememberMe实现
qq_16159433的博客
10-17 303
RememberMe的实现一定离不开Token的持久化存储。来看看使用Security应该怎么用RememberMe功能 RememberMe实现的两个模式 Security中有着两个实现RememberMe功能的实现类,但是都离不开持久化Token。 AbstractRememberMeServices的实现类 PersistentTokenBasedRememberMeServices服务端或数据库保存Cookie 其中tokenRepository属性时存储的方案: InMemoryToken
srpingsecurity remember me 简单认证token怎么实现的
jiangguochen2的博客
05-28 131
在上述配置中,我们使用了TokenBasedRememberMeServices作为RememberMeServices的实现类,并指定了一个唯一且保密的密钥(“uniqueAndSecretKey”)来生成和验证令牌。此外,我们使用了InMemoryTokenRepositoryImpl作为PersistentTokenRepository的实现类,这意味着令牌将存储在内存中。在Spring Security中,“Remember Me”(记住我)功能可以使用户在关闭浏览器后仍然保持登录状态。
SpringSecurity学习笔记(九)RememberMe进阶
怕什么真理无穷,进一寸有一寸的欢喜。即使开了一辆老掉牙的破车,只要在前行就好,偶尔吹点小风,这就是幸
10-07 538
前面我们介绍了rememberMe的实现原理,从中我们可以思考这样一个问题,如果我们的cookie被非法用户获取,然后携带这个cookie进行访问我们的项目中的内容,就会导致非法用户登录。这个问题怎么解决呢?

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值