Spring Security Remember me with custom authentication provider
I am using GWT with spring security. I have a custom authentication provider where I perform all my authentication. How can I configure the remember me feature without using the UserDetailsService? I am not using LDAP.
My AppliationContext_security.xml
<http auto-config="true" entry-point-ref="UnauthorizedEntryPoint"
create-session="always">
<form-login authentication-success-handler-ref="authenticationSuccessHandler"
authentication-failure-handler-ref="authenticationFailureHandler" />
<logout success-handler-ref="logoutSuccessHandler"
invalidate-session="true" />
<intercept-url pattern="/**/myapp.rpc" access="ROLE_USER" />
<custom-filter before="CONCURRENT_SESSION_FILTER" ref="XSRFAttackFilter" />
</http>
<authentication-manager>
<authentication-provider ref="myAuthenticationProvider" />
</authentication-manager>
In my custom authentication provider,
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
String username = (String) authentication.getPrincipal();
String password = (String) authentication.getCredentials();
boolean response 开发者_高级运维= loginmanager.authenticateUser(username, password,
((ServletRequestAttributes) RequestContextHolder
.getRequestAttributes()).getRequest().getSession());
if (!response) {
throw new BadCredentialsException(
"Invalid Credentials.");
}
Authentication authentication = ...
authentication.setAuthenticated(true);
return authentication;
}
Any help will be greatly appreciated.
You will need to create a custom UserDetailsService
that gets the username/password from the same place that your loginmanager
is reading it from. See the source for TokenBasedRememberMeServices.processAutoLoginCookie()
to see how it's being used.
精彩评论