Spring Security - Persistent Remember Me Issue

Posted by Taylor L on Stack Overflow See other posts from Stack Overflow or by Taylor L
Published on 2010-03-16T10:23:48Z Indexed on 2010/03/16 10:36 UTC
Read the original article Hit count: 888

I've been trying to track down why Spring Security isn't creating the Spring Security remember me cookie (SPRING_SECURITY_REMEMBER_ME_COOKIE). At first glance, the logs make it seem like the login is failing, but the login is actually successful in the sense that if I navigate to a page that requires authentication I am not redirected back to the login page. However, the logs appear to be saying the login credentials are invalid. I'm using Spring 3.0.1, Spring Security 3.0.1, and Google App Engine 1.3.1. Any ideas as to what is going on?

Mar 16, 2010 10:05:56 AM org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices onLoginSuccess
FINE: Creating new persistent login for user [email protected]
Mar 16, 2010 10:10:07 AM org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices loginFail
FINE: Interactive login attempt was unsuccessful.
Mar 16, 2010 10:10:07 AM org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices cancelCookie
FINE: Cancelling cookie

Below is the relevant portion of the applicationContext-security.xml.

<http auto-config="false">
    <intercept-url pattern="/css/**" filters="none" />
    <intercept-url pattern="/img/**" filters="none" />
    <intercept-url pattern="/js/**" filters="none" />
    <intercept-url pattern="/app/admin/**" filters="none" />
    <intercept-url pattern="/app/login/**" filters="none" />
    <intercept-url pattern="/app/register/**" filters="none" />
    <intercept-url pattern="/app/error/**" filters="none" />
    <intercept-url pattern="/" filters="none" />
    <intercept-url pattern="/**" access="ROLE_USER" />
    <logout logout-success-url="/" />
    <form-login login-page="/app/login" default-target-url="/" authentication-failure-url="/app/login?login_error=1" />
    <session-management invalid-session-url="/app/login" />
    <remember-me services-ref="rememberMeServices" key="myKey" />
</http>

<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="userDetailsService">
        <password-encoder hash="sha-256" base64="true">
            <salt-source user-property="username" />
        </password-encoder>
    </authentication-provider>
</authentication-manager>

<beans:bean id="userDetailsService" class="com.my.service.auth.UserDetailsServiceImpl" />

<beans:bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
    <beans:property name="userDetailsService" ref="userDetailsService" />
    <beans:property name="tokenRepository" ref="persistentTokenRepository" />
    <beans:property name="key" value="myKey" />
</beans:bean>

<beans:bean id="persistentTokenRepository" class="com.my.service.auth.PersistentTokenRepositoryImpl" />

© Stack Overflow or respective owner

Related posts about spring-security

Related posts about spring