Spring Security token persistence storage not working


The problem: login and everything else work fine, except the remember-me logic. The cookie is not set, and no rows are inserted in the database.

This is the security configuration class.

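import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

import javax.sql.DataSource;

/**
 * Spring Security configuration: URL authorization rules, form login,
 * persistent (database-backed) remember-me tokens, logout and CSRF protection.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private DataSource dataSource;

    /**
     * Configures the HTTP security filter chain.
     *
     * @param http the builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                // authorize requests
                .authorizeRequests()
                    // Only admins may reach the administration pages.
                    // NOTE(review): hasRole() is evaluated against the authorities returned by
                    // authoritiesByUsernameQuery below; depending on the Spring Security version a
                    // "ROLE_" prefix is added to the argument - confirm the stored role values match.
                    .antMatchers("/admin/**").access("hasRole('admin')")
                    // Everyone may access the register and main pages, plus the
                    // static resources (CSS and JavaScript files).
                    .antMatchers("/resources/**", "/register", "/").permitAll()
                    // Every other request requires an authenticated user.
                    .anyRequest().authenticated()
                    .and()
                // set login form.
                .formLogin()
                    //.successHandler(successHandler())
                    .loginPage("/login")
                    .usernameParameter("email").passwordParameter("password")
                    .permitAll()
                    .and()
                // enable remember-me cookie backed by persistent storage
                .rememberMe()
                    // database token repository
                    .tokenRepository(persistentTokenRepository())
                    // Valid for 20 days. The cookie acts as a long-lived login credential,
                    // so keep this window as short as the application can tolerate.
                    .tokenValiditySeconds(20 * 24 * 60 * 60)
                    // A token is only issued when the login request carries this parameter;
                    // the login form is not shown here, so verify that its checkbox is
                    // named exactly "remember-me".
                    .rememberMeParameter("remember-me")
                    // NOTE(review): if the site is served over HTTPS only, consider
                    // useSecureCookie(true) so the cookie is never sent over plain HTTP.
                    .and()
                // log out handler
                .logout()
                    .permitAll()
                    .and()
                // CSRF protection (on by default in Java config; kept explicit here).
                .csrf();
    }

    /**
     * Exposes the JDBC-backed store for remember-me tokens.
     *
     * @return a repository that uses the injected {@code dataSource}
     */
    @Bean
    public PersistentTokenRepository persistentTokenRepository() {
        JdbcTokenRepositoryImpl db = new JdbcTokenRepositoryImpl();
        db.setDataSource(dataSource);
        return db;
    }

    /**
     * Registers database-backed authentication.
     *
     * @param auth the global authentication builder
     * @throws Exception if the builder rejects the configuration
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // Database authentication and the SQL queries that fetch the user's data.
        // The e-mail is bound through the "?" placeholder, never concatenated.
        // The statements need their FROM/WHERE/AND keywords to be valid SQL;
        // verify table and column names against the actual schema.
        // NOTE(review): no passwordEncoder(...) is configured, so how the stored
        // "password" column is compared depends on the framework default. Store
        // passwords with an adaptive hash (e.g. bcrypt) and register the matching
        // encoder here.
        auth.jdbcAuthentication().dataSource(dataSource)
                .usersByUsernameQuery("select email, password, enabled from users where email=?")
                .authoritiesByUsernameQuery("select us.email, ur.role from users us, " +
                        " roles ur where us.role_id=ur.id and us.email=?");
    }
}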

And this is the database table for token persistence:

-- Backing table for persistent remember-me tokens.
-- The primary key is the series, and username carries no unique constraint,
-- so one user may own several rows.
CREATE TABLE persistent_logins (
    username  VARCHAR(254) NOT NULL,
    series    VARCHAR(64)  NOT NULL,
    token     VARCHAR(64)  NOT NULL,
    last_used TIMESTAMP    NOT NULL,
    PRIMARY KEY (series)
);

Spring Security comes with 2 implementations of PersistentTokenRepository: JdbcTokenRepositoryImpl and InMemoryTokenRepositoryImpl. Since I'm using Hibernate in my application, I created a custom implementation using Hibernate instead of JDBC.

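/**
 * Hibernate-backed {@link PersistentTokenRepository} that stores remember-me
 * tokens as {@code PersistentLogin} entities, one row per series.
 */
@Repository("tokenrepositorydao")
@Transactional
public class HibernateTokenRepositoryImpl extends AbstractDao<String, PersistentLogin>
        implements PersistentTokenRepository {

    static final Logger logger = LoggerFactory.getLogger(HibernateTokenRepositoryImpl.class);

    /**
     * Persists a newly issued remember-me token.
     *
     * @param token the token handed over by Spring Security
     */
    @Override
    public void createNewToken(PersistentRememberMeToken token) {
        logger.info("creating token user : {}", token.getUsername());
        PersistentLogin persistentLogin = new PersistentLogin();
        persistentLogin.setUsername(token.getUsername());
        persistentLogin.setSeries(token.getSeries());
        persistentLogin.setToken(token.getTokenValue());
        persistentLogin.setLast_used(token.getDate());
        persist(persistentLogin);
    }

    /**
     * Looks up the stored token for a series.
     *
     * @param seriesId the series identifier taken from the remember-me cookie
     * @return the stored token, or {@code null} when no row matches or the lookup fails
     */
    @Override
    public PersistentRememberMeToken getTokenForSeries(String seriesId) {
        // The series is one half of the remember-me cookie value, so it is kept out of the logs.
        logger.debug("fetching remember-me token by series");
        try {
            Criteria crit = createEntityCriteria();
            crit.add(Restrictions.eq("series", seriesId));
            PersistentLogin persistentLogin = (PersistentLogin) crit.uniqueResult();
            if (persistentLogin == null) {
                // A missing row is an expected outcome, not an error.
                logger.info("token not found...");
                return null;
            }
            return new PersistentRememberMeToken(persistentLogin.getUsername(), persistentLogin.getSeries(),
                    persistentLogin.getToken(), persistentLogin.getLast_used());
        } catch (Exception e) {
            // Still answers "no token" so the login falls back to a normal sign-in,
            // but the cause is recorded instead of being silently dropped.
            logger.warn("remember-me token lookup failed", e);
            return null;
        }
    }

    /**
     * Deletes every remember-me token that belongs to a user.
     *
     * @param username the user whose tokens must be invalidated
     */
    @Override
    public void removeUserTokens(String username) {
        logger.info("removing token if user : {}", username);
        Criteria crit = createEntityCriteria();
        crit.add(Restrictions.eq("username", username));
        // A user can hold one series per browser or device. uniqueResult() would throw as
        // soon as a second row exists and leave all of them valid, so every match is removed.
        for (Object row : crit.list()) {
            logger.info("rememberme selected");
            delete((PersistentLogin) row);
        }
    }

    /**
     * Replaces the token value and last-used time of an existing series.
     *
     * @param seriesId   the series whose row is updated
     * @param tokenValue the new token value
     * @param lastUsed   the new last-used timestamp
     */
    @Override
    public void updateToken(String seriesId, String tokenValue, Date lastUsed) {
        // The series is one half of the remember-me cookie value, so it is kept out of the logs.
        logger.debug("updating remember-me token");
        PersistentLogin persistentLogin = getByKey(seriesId);
        if (persistentLogin == null) {
            // The row may have been removed in the meantime (logout, token clean-up);
            // there is nothing to update, and dereferencing it would throw.
            logger.info("token not found...");
            return;
        }
        persistentLogin.setToken(tokenValue);
        persistentLogin.setLast_used(lastUsed);
        update(persistentLogin);
    }

}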
