Shulou(Shulou.com)06/03 Report--

This article will explain in detail how springsecurity realizes the next automatic login function process parsing, the editor thinks it is very practical, so I share it with you as a reference. I hope you can get something after reading this article.

First, principle analysis

When the user logs in for the first time, if the readme option is checked, springsecurity will generate a cookie and return it to the browser after the login is successful. If the browser carries this cookie,springsecurity, the browser will release the visit the next time.

Second, the mode of realization

2.1 simple implementation

(1) in the configuration file of springsecurity, add a remember-me configuration under the http node

Where remember-me-parameter= "remembermeParamater" specifies whether the parameter name passed by the foreground is rememberme, and the parameter value to be passed by the foreground is true or false

(2) add a checkbox to the front desk login page

User name:

Secret code:

Remember me:

The name property of checkbox should be consistent with the remember-me-parameter= "remembermeParamater" in the configuration file above.

(3) testing

Start the project, log in, and observe cookie after successful login. You will find that a cookie named remember-me has been returned on the server side.

Now close the browser, open it again and access it. As long as you don't clear cookie, you can access the resources directly without having to log in again.

There is a disadvantage in this approach. The cookie value to be carried by the browser is stored in memory on the server side and is not persisted, so if the value stored on the server side is lost after the service is restarted, the rememberme on the browser side will become invalid. To solve this problem, you need to persist the cookie value generated on the server side to the database.

2.2 Database implementation

(1) create a table to persist rememberme records

-- create a table that records rememberme records

CREATE TABLE persistent_logins (username VARCHAR 64), series VARCHAR 64, token VARCHAR 64, last_used DATE)

(2) change the content of rememberme tag in spring-security configuration file to the following

Data-source-ref= "dataSource" is used to specify the data source, and spring-security manipulates the persistent_ logs table in the database through the data source.

Token-validity-seconds represents the valid time of rememberme, in seconds, where 864002403600 represents a day.

(3) testing

Start the project and log in. After successful login, a record will be generated in the persistent_logins table.

When the browser is closed and accessed again, the record in the database will be found according to the cookie value carried in the browser. If it is found, the record will be authenticated.

Third, distinguish between password login and rememberme login

When the user does some sensitive operations, you need to distinguish whether it is a rememberme login, if you need to let the user jump to the login page.

Provide a method to judge at the congtroller layer

@ GetMapping ("/ isRemembermeUser") public boolean isRemembermeUser () {Authentication authentication= SecurityContextHolder.getContext () .getAuthentication (); if (authentication==null) {return false;} / / determines whether the current user is logged in through rememberme, returns true, or false return RememberMeAuthenticationToken.class.isAssignableFrom (authentication.getClass ());}

Log in with a password, visit the http://localhost/user/isRemembermeUser.do, backend API to return false, then close the browser to access this address again, and the backend API returns true, indicating that rememberme is used for authentication this time.

On "springsecurity how to achieve the next automatic login function process parsing" this article is shared here, I hope the above content can be of some help to you, so that you can learn more knowledge, if you think the article is good, please share it out for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.