这个问题着实让我费了好大功夫,本来想放弃Rememberme功能了,后来在邮件列表中发现了解决之道,特此贴出来为大家共享.
- <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
- <property name="context">
- <value>org.acegisecurity.context.SecurityContextImplvalue>
- property>
- <property name="forceEagerSessionCreation" value="true"/>
- bean>
邮件列表地址:http://opensource.atlassian.com/projects/spring/browse/SEC-183
贴出原文给大家分享一下:
HttpSessionContextIntegrationFilter now provides an forceEagerSessionCreation property (defaults to false). If set to true, it will cause a HttpSession to be created at the commencement of each web request. When the authentication mechanisms later run, they will use the constructor of WebAuthenticationDetails which does not force a HttpSession to be created, thus extracting a Session ID if the session was already available (either through normal creation operations or the forceEagerSessionCreation property) or leaving the Session ID as null if no HttpSession was available.
The anonymous and remember-me authentication mechanisms have been amended to not force session creation. Those using concurrent session support with either (or both) of these authentication mechanisms will be required to set HttpSessionContextIntegrationFilter.forceEagerSessionCreation = true.
注:在acegi的1.0.3和1.0.4版本中测试通过