Spring Security Series (7) remember user name login function

Keywords: Database JSON

Remember the basics of my function

The user sends a request to UsernamePasswordAuthenticationFilter. When the user authenticates successfully, a service like RemeberMeService will be called. There is a Token repository in the service, which will generate a Token, write the Token to the Cookie of the browser, and at the same time, the Token repository will write the generated Token to the database (as well as the user name). After a day, users do not need to log in to access the system. They directly access a protected service. When the request passes through the filter chain, it will be sent to the rember meservice through the rember meauthentication filter (read the Token in the Cookie). The rember meservice will check it in the database according to the Token. If there is a record, the user name will be taken out, after which the user details service will be called to get the user information, and then the user information will be put into the SecurityContext.

Rembermeauinticationfilter location:

Realization:

Page:

Security configuration class:

/**
 * Security configuration class
 * @author zhailiang
 *
 */
@Configuration
public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {
	
	@Autowired
	private SecurityProperties securityProperties;
	
	@Autowired
	private AuthenticationSuccessHandler imoocAuthenticationSuccessHandler;
	
	@Autowired
	private AuthenticationFailureHandler imoocAuthenctiationFailureHandler;
	
	@Bean
	public PasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}
	
	//Remember my main operation configuration
	@Autowired
	private DataSource dataSource;
	
	@Autowired
	private UserDetailsService userDetailsService;
	
	//Remember my main operation configuration
	@Bean
	public PersistentTokenRepository persistentTokenRepository() {
		JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
		tokenRepository.setDataSource(dataSource);
//		tokenRepository.setCreateTableOnStartup(true);
		return tokenRepository;
	}
	
	
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		
		//Configuration of verification code
		ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter();
		validateCodeFilter.setAuthenticationFailureHandler(imoocAuthenctiationFailureHandler);
		validateCodeFilter.setSecurityProperties(securityProperties);
		validateCodeFilter.afterPropertiesSet();
		
		//Put the filter of the verification code before the login verification filter
		http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class)
			.formLogin()
			.loginPage("/authentication/require")
			.loginProcessingUrl("/authentication/form")
			.successHandler(imoocAuthenticationSuccessHandler)//Successful login processing
			.failureHandler(imoocAuthenctiationFailureHandler)//Handling of login failure
			.and()
			.rememberMe()//Remember my actions
				.tokenRepository(persistentTokenRepository())
				.tokenValiditySeconds(securityProperties.getBrowser().getRememberMeSeconds())
				.userDetailsService(userDetailsService)
			.and()
			.authorizeRequests()
			.antMatchers("/authentication/require",
					securityProperties.getBrowser().getLoginPage(),
					"/code/image").permitAll()
			.anyRequest()
			.authenticated()
			.and()
			.csrf().disable();
	}

}

 BrowserProperties:

public class BrowserProperties {
	
	private String loginPage = "/imooc-signIn.html";
	
	private LoginType loginType = LoginType.JSON;
	
	//Time to remember password
	private int rememberMeSeconds = 3600;

	public String getLoginPage() {
		return loginPage;
	}

	public void setLoginPage(String loginPage) {
		this.loginPage = loginPage;
	}

	public LoginType getLoginType() {
		return loginType;
	}

	public void setLoginType(LoginType loginType) {
		this.loginType = loginType;
	}

	public int getRememberMeSeconds() {
		return rememberMeSeconds;
	}

	public void setRememberMeSeconds(int rememberMeSeconds) {
		this.rememberMeSeconds = rememberMeSeconds;
	}
}

JdbcTokenRepositoryImpl:

AbstractAuthenticationProcessingFilter:

AbstractRememberMeServices:

PersistentTokenBasedRememberMeServices:

RememberMeAuthenticationFilter:

 

 

 

 

Posted by genistaff on Fri, 31 Jan 2020 07:29:57 -0800