Scenes
I have to remember to log a lot of this feature, the user login time later, the system will remember the user for some time, during this time, the user can not log in again using our system. Remember the basic principles of user functions as shown below:
When users log on, the request is sent to the filter UsernamePasswordAuthenticationFilter, when the authentication is successful this filter calls RememberMeService, will generate a token, the token is written to the browser cookie, while inside there is a RememberMeService TokenRepository, the token and the user information is written to the database. So that when users access the system again, to access a particular interface will go through the filter of a RememberMeAuthenticationFilter, he reads the cookie token, to RememberService, RememberService will use TokenRepository check whether there are records from the database based on token, if there is will record the user name taken out, then call UserDetailService get user information based on user name, and then placed in SecurityContext.
Implementation class
First, to achieve operating token of the class that implements the CRUD functions, we use redis save, a new class RememberMeHandler, this class needs to implement the interface PersistentTokenRepository, first of all to look at the overall class structure:
In order to facilitate inquiries, we have to remember a user when saving data to redis in three, two of which are based on series check the user name and user name check series. Length of 15 days when stored token defined, both as 30 days. Bottom three methods is to save these two key methods and generate all of the key methods. Four overridden method is CRUD methods. First look at new:
Users need to remember when putting together the user's information is added to redis and define the 15-day expiration period. Then look modification and deletion:
It is to save the contents of the normal operation, the last to see the query:
Remember that a user, the user logs on, check out the user information, automatic certification.
There are many ways to use the Internet to achieve jdbc, it is also a good choice.
Configuring Remember me
In the security configuration class, you need to configure remember my name and parameter handling class:
Note that the configuration of the authorization to use authenticated (). Remember me increase the login page:
Note that the parameter is the name of remember-me remember my default security name.
test
Remember me unchecked, click on the login, redis and did not record token information, check the Remember Me, click login, you can remember seeing my information is recorded in the redis:
We start the project, and check the Remember user login is successful, then re-start the project, visit the page in the same browser, you can see directly without logging success!
Code Address: https://gitee.com/blueses/spring-boot-security 10