spring security 实现免登陆功能大体也是基于COOKIE来实现的。
主要配置信息:
<remember-me data-source-ref="dataSource" key="rememberMeCookie"
authentication-success-handler-ref="authenticationSuccessHandler"
services-alias="rememberMeServices" />
1.首先登陆表单要Post URL: /j_spring_security_check 同时_spring_security_remember_me要等于yes,这时登陆后会记录cookie到数据库中;
/j_spring_security_check?_spring_security_remember_me=yes
代码逻辑:
UsernamePasswordAuthenticationFilter 登陆验证过滤器拦截/j_spring_security_check同时调用AbstractRememberMeServices 接口实现
this.rememberMeServices.loginSuccess(request, response, authResult);
2.当会话失效时,这个时候RememberMeAuthenticationFilter 过滤器会调用this.rememberMeServices.autoLogin(request, response);自动登陆;
同时successHandler.onAuthenticationSuccess(reque
主要配置信息:
<remember-me data-source-ref="dataSource" key="rememberMeCookie"
authentication-success-handler-ref="authenticationSuccessHandler"
services-alias="rememberMeServices" />
1.首先登陆表单要Post URL: /j_spring_security_check 同时_spring_security_remember_me要等于yes,这时登陆后会记录cookie到数据库中;
/j_spring_security_check?_spring_security_remember_me=yes
代码逻辑:
UsernamePasswordAuthenticationFilter 登陆验证过滤器拦截/j_spring_security_check同时调用AbstractRememberMeServices 接口实现
this.rememberMeServices.loginSuccess(request, response, authResult);
2.当会话失效时,这个时候RememberMeAuthenticationFilter 过滤器会调用this.rememberMeServices.autoLogin(request, response);自动登陆;
同时successHandler.onAuthenticationSuccess(reque