Spring Security Remember Me

记住我(Remember Me)是一种功能,允许用户在不重新登录的情况下访问应用程序。用户的登录会话在关闭浏览器后终止,如果用户再次通过打开浏览器访问应用程序,它会提示登录。

但是,我们可以通过使用记住我功能来避免这种重新登录。它会将用户的身份存储在Cookie或数据库中,并用于识别用户。

我们将在以下示例中实现这一点。让我们来看一个示例。

创建一个Maven项目

首先创建一个Maven项目并提供项目详细信息。

初始时,项目如下所示:

spring-security-remember-me.png

spring-security-remember-me2.png

Spring Security配置

配置项目以实现Spring Security。需要以下四个Java文件。首先创建一个包cn.javatiku并将所有文件放入其中。

AppConfig.java

package cn.javatiku;  
import org.springframework.context.annotation.Bean;    
import org.springframework.context.annotation.ComponentScan;    
import org.springframework.context.annotation.Configuration;    
import org.springframework.web.servlet.config.annotation.EnableWebMvc;    
import org.springframework.web.servlet.view.InternalResourceViewResolver;    
import org.springframework.web.servlet.view.JstlView;    
@EnableWebMvc    
@Configuration    
@ComponentScan({ "cn.javatiku.controller.*" })    
public class AppConfig {    
    @Bean    
    public InternalResourceViewResolver viewResolver() {    
        InternalResourceViewResolver viewResolver    
                          = new InternalResourceViewResolver();    
        viewResolver.setViewClass(JstlView.class);    
        viewResolver.setPrefix("/WEB-INF/views/");    
        viewResolver.setSuffix(".jsp");    
        return viewResolver;    
    }    
}   

MvcWebApplicationInitializer.java

package cn.javatiku;    
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;    
public class MvcWebApplicationInitializer extends    
        AbstractAnnotationConfigDispatcherServletInitializer {    
    @Override    
    protected Class<?>[] getRootConfigClasses() {    
        return new Class[] { WebSecurityConfig.class };    
    }    
    @Override    
    protected Class<?>[] getServletConfigClasses() {    
        // TODO Auto-generated method stub    
        return null;    
    }    
    @Override    
    protected String[] getServletMappings() {    
        return new String[] { "/" };    
    }    
}  

SecurityWebApplicationInitializer.java

package cn.javatiku;    
import org.springframework.security.web.context.*;          
    public class SecurityWebApplicationInitializer    
        extends AbstractSecurityWebApplicationInitializer {    
    }  

WebSecurityConfig.java

package cn.javatiku;  
import org.springframework.context.annotation.*;      
import org.springframework.security.config.annotation.web.builders.HttpSecurity;    
import org.springframework.security.config.annotation.web.configuration.*;    
import org.springframework.security.core.userdetails.*;    
import org.springframework.security.provisioning.InMemoryUserDetailsManager;  
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;    
@EnableWebSecurity    
@ComponentScan("cn.javatiku")    
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {    
@Bean    
public UserDetailsService userDetailsService() {    
    InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();    
    manager.createUser(User.withDefaultPasswordEncoder()  
    .username("admin").password("admin123").roles("ADMIN").build());    
    return manager;    
}    
    
@Override    
protected void configure(HttpSecurity http) throws Exception {    
      
      http.authorizeRequests().  
      antMatchers("/index", "/user","/").permitAll()  
      .antMatchers("/admin").authenticated()  
      .and()  
      .formLogin()  
      .loginPage("/login")  
      .and()  
      .rememberMe()  
      .key("rem-me-key")  
      .rememberMeParameter("remember") // it is name of checkbox at login page  
      .rememberMeCookieName("rememberlogin") // it is name of the cookie  
      .tokenValiditySeconds(100) // remember for number of seconds  
      .and()  
      .logout()  
      .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));    
}    
}  

控制器

cn.javatiku.controller包内创建一个名为HomeController的控制器。以下是控制器的代码。

HomeController.java

package cn.javatiku.controller;  
import org.springframework.stereotype.Controller;  
import org.springframework.web.bind.annotation.RequestMapping;  
import org.springframework.web.bind.annotation.RequestMethod;  
@Controller  
public class HomeController {  
    @RequestMapping(value = "/", method = RequestMethod.GET)  
    public String index() {  
        return "index";  
    }  
    @RequestMapping(value = "/login", method = RequestMethod.GET)  
    public String login() {  
        return "login";  
    }  
    @RequestMapping(value = "/admin", method = RequestMethod.GET)  
    public String admin() {  
        return "admin";  
    }  
}  

视图

创建视图(JSP页面)以向浏览器生成输出。

index.jsp

<html>    
<head>      
<title>Home Page</title>    
</head>    
<body>    
Welcome to javatiku! <br> <br>  
<a href="admin">Admin login</a>    
</body>    
</html>  

admin.jsp

<html>    
<head>    
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">    
<title>Home Page</title>    
</head>    
<body>    
Welcome Admin! ?  
<a href="logout">logout</a>    
</body>    
</html>    

login.jsp

这是我们自定义的登录页面,我们在其中添加了“记住我”复选框。以下是代码。

<%@ taglib  
    prefix="c"  
    uri="http://java.sun.com/jsp/jstl/core"   
%>  
<c:url value="/login" var="loginUrl"/>  
<form action="${loginUrl}" method="post">         
    <c:if test="${param.error != null}">          
        <p>  
            Invalid username and password.  
        </p>  
    </c:if>  
    <c:if test="${param.logout != null}">         
        <p>  
            You have been logged out.  
        </p>  
    </c:if>  
    <p>  
        <label for="username">Username</label>  
        <input type="text" id="username" name="username"/>      
    </p>  
    <p>  
        <label for="password">Password</label>  
        <input type="password" id="password" name="password"/>      
    </p>  
    <p>  
        <label for="remember"> Remember me</label>  
        <input type="checkbox" name="remember" />  
    </p>  
    <input type="hidden"                          
        name="${_csrf.parameterName}"  
        value="${_csrf.token}"/>  
    <button type="submit" class="btn">Log in</button>  
</form>  

项目依赖

以下是包含所有必需依赖项的pom.xml文件。

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">  
  <modelVersion>4.0.0</modelVersion>  
  <groupId>cn.javatiku</groupId>  
  <artifactId>springrememberme</artifactId>  
  <version>0.0.1-SNAPSHOT</version>  
  <packaging>war</packaging>  
  <properties>    
    <maven.compiler.target>1.8</maven.compiler.target>    
    <maven.compiler.source>1.8</maven.compiler.source>    
</properties>    
<dependencies>    
  <dependency>    
            <groupId>org.springframework</groupId>    
            <artifactId>spring-webmvc</artifactId>    
            <version>5.0.2.RELEASE</version>    
        </dependency>    
        <dependency>    
        <groupId>org.springframework.security</groupId>    
        <artifactId>spring-security-web</artifactId>    
        <version>5.0.0.RELEASE</version>    
    </dependency>    
<dependency>  
    <groupId>org.springframework.security</groupId>  
    <artifactId>spring-security-core</artifactId>  
    <version>5.0.4.RELEASE</version>  
</dependency>  
    <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-config -->  
<dependency>  
    <groupId>org.springframework.security</groupId>  
    <artifactId>spring-security-config</artifactId>  
    <version>5.0.4.RELEASE</version>  
</dependency>  
      
        
        <!-- https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api -->    
<dependency>    
    <groupId>javax.servlet</groupId>    
    <artifactId>javax.servlet-api</artifactId>    
    <version>3.1.0</version>    
    <scope>provided</scope>    
</dependency>    
<dependency>    
    <groupId>javax.servlet</groupId>    
    <artifactId>jstl</artifactId>    
    <version>1.2</version>    
</dependency>    
</dependencies>    
  <build>    
    <plugins>    
        <plugin>    
            <groupId>org.apache.maven.plugins</groupId>    
            <artifactId>maven-war-plugin</artifactId>    
            <version>2.6</version>    
            <configuration>    
                <failOnMissingWebXml>false</failOnMissingWebXml>    
            </configuration>    
        </plugin>    
    </plugins>    
</build>    
</project>  

项目结构

添加所有文件后,项目结构如下:

spring-security-remember-me3.png

启动服务器

输出:

spring-security-remember-me4.png

单击Admin登录链接并进行登录。

spring-security-remember-me5.png

注意,我们在登录时勾选了“记住我”复选框。

spring-security-remember-me6.png

复制URL:http://localhost:8080/springrememberme/admin,然后完全关闭浏览器。一秒钟后重新打开浏览器并粘贴复制的URL。

注意,它不会要求重新登录并将我们带回相同的页面,因为我们在登录时选中了“记住我”按钮。

标签: spring, Spring教程, Spring技术, Spring语言学习, Spring学习教程, Spring下载, Spring框架, Spring框架入门, Spring框架教程, Spring框架高级教程, Spring面试题, Spring笔试题, Spring编程思想