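Security: RememberMe
- December 15, 2020
- Notes
The RememberMe feature
The RememberMeServices interface
It has the abstract class AbstractRememberMeServices, with these implementations:
- PersistentTokenBasedRememberMeServices
- TokenBasedRememberMeServices
When login succeeds through authentication: once the remember-me feature has been added to the form, the submitted form data contains one extra item. loginSuccess checks whether its value is true or false; if it is true, the onLoginSuccess method is called to store the token persistently.
There are two kinds of persistent storage:
- Memory
- Database
Memory: InMemoryTokenRepositoryImpl, an implementation of the PersistentTokenRepository interface.
Database: the JdbcTokenRepositoryImpl implementation performs the persistent storage.
Using it with Spring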

    <security:http auto-config="true" use-expressions="true">
        <security:intercept-url pattern="/**" access="hasAnyRole('ROLE_ADMIN')"></security:intercept-url>
        <security:form-login login-processing-url="/index"></security:form-login>
        <!-- Adds the remember-me feature: user-service-ref is the bean of the custom userDetail class, data-source-ref is the database (DataSource) bean -->
        <security:remember-me user-service-ref="userDetail" data-source-ref="dataSource"></security:remember-me>
    </security:http>
    <security:authentication-manager>
        <security:authentication-provider user-service-ref="userDetail">
        </security:authentication-provider>
    </security:authentication-manager>

That is all it takes to get going, but a table must be created in the database:

    create table PERSISTENT_LOGINS (
        USERNAME  VARCHAR2(64),
        SERIES    VARCHAR2(64) not null,
        TOKEN     VARCHAR2(64),
        LAST_USED TIMESTAMP,
        constraint PK_PERSISTENT_LOGINS primary key (SERIES)
    );

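As an added example (not part of the original notes and not Spring's own source), the class below walks through how the SERIES, TOKEN and LAST_USED values of one row are used on login, on cookie auto-login, and when an old cookie is replayed, using the InMemoryTokenRepositoryImpl mentioned above. The class name RememberMeRotationDemo, its helper methods and the user name are assumptions; token expiry is not modelled.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Date;
import org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

// Added example, not Spring's own source; class and method names are hypothetical.
public class RememberMeRotationDemo {
    private static final SecureRandom RANDOM = new SecureRandom();
    private final PersistentTokenRepository repo = new InMemoryTokenRepositoryImpl();

    private static String random() {
        byte[] b = new byte[16];
        RANDOM.nextBytes(b);
        return Base64.getEncoder().encodeToString(b);
    }

    // Login with remember-me ticked: store one row, return the cookie pair {series, token}.
    String[] onLoginSuccess(String username) {
        PersistentRememberMeToken t =
                new PersistentRememberMeToken(username, random(), random(), new Date());
        repo.createNewToken(t);
        return new String[] {t.getSeries(), t.getTokenValue()};
    }

    // Auto-login from a cookie: returns the rotated cookie pair, or null if rejected.
    String[] autoLogin(String series, String token) {
        PersistentRememberMeToken stored = repo.getTokenForSeries(series);
        if (stored == null) return null;                  // unknown series
        if (!stored.getTokenValue().equals(token)) {      // known series, stale token:
            repo.removeUserTokens(stored.getUsername());  // treat as cookie theft and
            return null;                                  // drop every row of that user
        }
        String next = random();
        repo.updateToken(series, next, new Date());       // TOKEN and LAST_USED change
        return new String[] {series, next};
    }

    public static void main(String[] args) {
        RememberMeRotationDemo demo = new RememberMeRotationDemo();
        String[] first = demo.onLoginSuccess("alice");         // constructed user name
        String[] second = demo.autoLogin(first[0], first[1]);  // valid cookie, gets rotated
        System.out.println("rotated: " + !second[1].equals(first[1]));
        System.out.println("replay rejected: " + (demo.autoLogin(first[0], first[1]) == null));
        System.out.println("series revoked: " + (demo.autoLogin(second[0], second[1]) == null));
    }
}
```

It needs spring-security-web on the classpath. The third call shows the side effect of the replay: the legitimate holder's current cookie stops working too, so that user has to log in again.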
Using it with Spring Boot
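
    import javax.sql.DataSource;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;

    @EnableWebSecurity
    @Configuration
    public class Security extends WebSecurityConfigurerAdapter {

        // SecuritySer is the custom UserDetailsService implementation
        @Autowired
        private SecuritySer ss;

        @Autowired
        private DataSource ds;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().antMatchers("/**")
                    .hasAnyRole("ADMIN")
                    .anyRequest()
                    .permitAll()
                    .and()
                    .formLogin()
                    .permitAll()
                    .and()
                    .rememberMe()
                    .tokenRepository(setJdbc())
                    .tokenValiditySeconds(10000);
        }

        // A JdbcTokenRepositoryImpl object is needed; by default the in-memory RememberMe
        // implementation is used, and the configuration class is all it takes to switch
        @Bean
        public JdbcTokenRepositoryImpl setJdbc() {
            JdbcTokenRepositoryImpl setToken = new JdbcTokenRepositoryImpl();
            setToken.setDataSource(ds);
            return setToken;
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(ss);
        }
    }
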
The above is only my personal summary; if anything is lacking or wrong, please point it out. Thank you!