我正在尝试使用Spring Security编写 Remember Me 复选框,我有以下配置:
@Override
protected void configure(final HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/profile", "/logout").authenticated()
.anyRequest().permitAll()
.and()
.formLogin()
.loginPage("/")
.loginProcessingUrl("/login")
.defaultSuccessUrl("/profile", true)
.failureUrl("/?loginerror=true")
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/")
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")
.and()
.rememberMe()
.rememberMeParameter("remember-me")
.tokenValiditySeconds(86400)
.key("uniqueAndSecret")
.and()
.csrf().disable();
}如果用户没有通过身份验证,我希望他被重定向到索引页面,但是如果他通过身份验证,则重定向到配置文件页面。
@GetMapping("/")
public String doGetIndex(Model model) {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication instanceof AnonymousAuthenticationToken) {
model.addAttribute("LoginDtoForm", new LoginDtoForm());
return "Index";
} else {
return "redirect:/profile";
}
}我已经debbuged代码,我可以看到,一切都是好的,当你按下记住我,它会提醒你,它会把你的个人资料,当没有,到索引。
当我揭穿:
问题是,如果你正常运行它,无论你是否按下复选框,它都会记住用户并将你发送到配置文件。有人能告诉我,我会发生什么吗?
新增信息
这是我的登录表单,它是一个模态索引:
<!DOCTYPE html>
<body>
<div id='login'>
<div class="modal fade modal-login" id="loginModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title" id="loginModalLabel">Iniciar sesión</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<div class="modal-body">
<form th:action="@{/login}" method="post">
<div class="row">
<div class="col">
<label for="username" class="form-label">Nombre de usuario</label>
</div>
</div>
<div class="row">
<div class="col-11">
<input type="text" th:field="*{LoginDtoForm.username}" class="form-control" id="username"
required>
</div>
</div>
<div class="row">
<div class="col">
<label for="password" class="form-label">Contraseña</label>
</div>
</div>
<div class="row">
<div class="col-11">
<input type="password" class="form-control" id="password"
th:field="*{LoginDtoForm.password}" required>
</div>
<div class="col-1">
<i class="bi bi-eye-fill show-password-icon-index" id="eyeid"> </i>
</div>
</div>
<div class="row">
<div class="col form-check" style="margin-left: 12px">
<input type="checkbox" class="form-check-input" name="remember-me" th:checked="*{LoginDtoForm.rememberMe}" id="remember-me">
<label class="form-check-label" for="remember-me">Recuérdame</label>
</div>
</div>
<div class="row">
<div class="d-grid gap-2">
<button type="submit" class="btn btn-primary" style="margin-bottom: 20px">Iniciar sesión
</button>
</div>
</div>
<div class="row">
<div class="col">
<div th:if="${param.loginerror != null}" class="alert alert-danger" role="alert">
Nombre de usuario o contraseña inválidos
</div>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
1条答案
按热度按时间lg40wkob1#
我认为要解决这个问题,请从复选框中删除
th:checked属性,因为当用户选中复选框时,Spring Security应该自动设置该属性。