Answer the question
In order to leave comments, you need to log in
Why does a loop occur when using rememberMe in Sprung Security?
Greetings dear forum users.
Can you please tell me why there is a loop when using rememberMe in Sprung Security?
For example: I clear Cookies, go to the site, log in, but at the same time check the "remember me" box. Everything is fine.
Further, without logging out, if I restart the server, everything seems to be fine, I remain authorized, but if I try to get to the login page, the page starts to freeze, the system starts to get hung up on connecting to the database
Hibernate:
select
user0_.username as col_0_0_,
user0_.password as col_1_0_
from
User user0_
where
user0_.username=?
Hibernate:
select
user0_.username as col_0_0_,
user0_.password as col_1_0_
from
User user0_
where
user0_.username=?
Hibernate:
select
user0_.username as col_0_0_,
user0_.password as col_1_0_
from
User user0_
where
user0_.username=?
package com.testremember.security;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private final
PersistentTokenRepository persistentTokenRepository;
private final
UserDetailsService userDetailsService;
public SecurityConfig(PersistentTokenRepository persistentTokenRepository, UserDetailsService userDetailsService) {
this.persistentTokenRepository = persistentTokenRepository;
this.userDetailsService = userDetailsService;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.mvcMatchers("/").permitAll()
.mvcMatchers("/login", "/registration").anonymous()
.mvcMatchers("/admin").hasAnyRole("ADMIN")
.mvcMatchers("/user").hasAnyRole("ADMIN", "USER")
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/login")
.defaultSuccessUrl("/")
.and().csrf().disable()
.rememberMe()
.tokenRepository(persistentTokenRepository)
.rememberMeParameter("remember-me")
.rememberMeCookieName("_rm")
.and()
.logout()
.permitAll()
.logoutUrl("/logout")
.logoutSuccessUrl("/")
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID");
}
}
package com.testremember.security;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import java.util.Collection;
import java.util.Collections;
@Service
public class UserDetail implements UserDetailsService {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
return new org.springframework.security.core.userdetails.User("user", "{noop}1111",
true, true, true, true, getAuthorities());
}
private Collection<? extends GrantedAuthority> getAuthorities(){
return Collections.singletonList(new SimpleGrantedAuthority("ROLE_ADMIN"));
}
}
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question