我是Spring Security的新手。 我有一个业务规则,规定用户每次进入网站时都需要登录,但是,如果他们选中了“记住我”复选框,他们的用户名将在访问之间被记住(并且在表单中预先填充)并且仍然需要输入密码并登录。
Spring Security中的Remember Me功能是否可以实现这样的功能?
谢谢。
I am new to Spring Security. I have a business rule that states the user is required to login each time they enter the site, but, if they check the Remember Me checkbox, their username will be be remembered between visits (and prepopulated in the form) and they are still required to enter their password and login.
Is something like this possible with the Remember Me functionality in Spring Security?
Thanks.
最满意答案
“记住我”弹簧安全功能并不适用于您描述的用例。 记住我允许用户返回该站点并立即登录,无需用户名或密码。
这是因为用户身份由REMEMBER_ME cookie定义,该cookie在提交时创建新会话,以防用户未登录且不存在会话。
实现仅记住用户名并仍然强制用户键入密码的一种方法是使用仅包含用户名的单独自定义cookie。
可以使用servlet API addCookie方法在后端使用Javascript cookie API在前端创建新cookie。
The Remember me functionality of spring security is not meant for the use case you describe. Remember Me allows the user to go back to the site and be immediately logged in without user name or password.
This is because the user identity is defined by a REMEMBER_ME cookie that creates a new session upon submission, in case the user was not logged in and no session existed.
One way to implement remembering the username only and still force the user to type the password is to use a separate custom cookie that contains the username only.
The new cookie can either be created in the backend using the servlet API addCookie method, on in the frontend using the Javascript cookie APIs.
更多推荐
发布评论