开发者

Is it possible to programmatically authenticate with Spring Security and make it persistent?

I'm using the following method in a Spring Controller to allow authentication via Ajax. It works, but it doesn't seem to create a cookie or anything that makes the authentication persistent.

@RequestMapping(method = RequestMethod.POST)
@ResponseBody
public LoginStatus login(@RequestParam("j_username") String username,
                         @RequestParam("j_password") String password) {

    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);

    try {
        Authentication auth = authenticationManager.authenticate(token);
开发者_运维知识库        SecurityContextHolder.getContext().setAuthentication(auth);
        return new LoginStatus(auth.isAuthenticated(), auth.getName());
    } catch (BadCredentialsException e) {
        return new LoginStatus(false, null);
    }
}

What do I need to do to make the authentication persistent?


Make sure

  • you have SecurityContextPersistenceFilter configured
  • you are not setting create-session attribute of <security:http> tag to none.
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜