0

I use 'remember me' function from Spring Security. Also I use LDAP to check user authentication. Here is my security-context.xml:

 <sec:http use-expressions="true">
    <sec:intercept-url pattern="/login" access="permitAll()"/>
    <sec:intercept-url pattern="/_*.js" access="permitAll()"/>
    <sec:intercept-url pattern="/403" access="isAuthenticated()"/>
    <sec:form-login login-page="/login" authentication-success-handler-ref="loginController"
                    authentication-failure-handler-ref="loginController"/>
    <sec:remember-me user-service-ref="ldapUserDetailsService" data-source-ref="dataSource"/>
    <sec:access-denied-handler error-page="/403"/>
    <sec:logout/>
</sec:http>

<sec:authentication-manager>
    <sec:authentication-provider ref="customizedActiveDirectoryAuthenticationProvider"/>
</sec:authentication-manager>

<bean id="userDetailsMapper"
      class="MyLdapUserDetailsMapper"/>
<bean id="authoritiesPopulator"
      class="MyAuthoritiesPopulator"/>

<bean id="customizedActiveDirectoryAuthenticationProvider"
      class="MyCustomizedActiveDirectoryAuthenticationProvider">
    <!--some configuration here-->
</bean>

<bean id="ldapUserDetailsService" class="org.springframework.security.ldap.userdetails.LdapUserDetailsService">
     <!--some configuration here-->
</bean>

And my login.js contains:

            xtype: 'checkbox',
            fieldLabel: '&nbsp;',
            boxLabel: 'Remember me',
            labelSeparator: '',
            name: '_spring_security_remember_me',
            checked: false

I found that RememberMeAuthenticationFilter is used if it helps.
In the most cases remember-me function works fine. But sometimes after I close browser, it doesn't remember me and I see login page, although I pressed 'remember me' before.
What is wrong here? Or may be problem is not with Spring Security?
I read this, but I use Spring Security 3.1.x that does not contain WebSecurityConfigurerAdapter. So I don't know how I can use this article.

Community
  • 1
  • 1
RuF
  • 548
  • 1
  • 11
  • 31
  • "Sometimes it doesn't work" isn't really enough to go on. Can you be more specific? Have you checked whether the remember-me cookie is set, for example, when you expect it to work? Debug the requests between your browser and the server (using a browser plugin, for example) and work out what's different when it doesn't work. Then describe the exact sequence of requests and responses. Is the cookie sent to the server (it might behave differently if you are using HTTPS for example). Also, your configuration doesn't have ant secure resources which would require authentication. – Shaun the Sheep Sep 24 '14 at 16:23
  • I found that sometimes(I don't know what does it depend) when my browser has cookie SPRING_SECURITY_REMEMBER_ME_COOKIE before I open a page of my app, this cookie is deleted when I open my app. But sometimes all are right. Maybe it depends how RememberMeAuthenticationFilter compare value of cookie. Is it necessary to override some RememberMeAuthenticationFilter or some other class for working "remember me" function correctly? – RuF Sep 25 '14 at 10:42

0 Answers0