Q&A
2024.11.13
Remember Me
I customized TokenBasedRememberMeServices and implemented it as shown below.

SecurityConfig.java

```java
...
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
        ....
        .and()
        .rememberMe()
        .rememberMeServices(tokenBasedRememberMeServices());
}

@Bean
public CustomTokenBasedRememberMeServices tokenBasedRememberMeServices() {
    CustomTokenBasedRememberMeServices rememberMeServices =
            new CustomTokenBasedRememberMeServices("rememberMeKey", customUserDetailsService);
    rememberMeServices.setParameter("rememberMe");
    rememberMeServices.setCookieName("REMEMBER_ME");
    rememberMeServices.setTokenValiditySeconds(36000);
    return rememberMeServices;
}
...
```

CustomTokenBasedRememberMeService.java

```java
public class CustomTokenBasedRememberMeServices extends AbstractRememberMeServices {

    public CustomTokenBasedRememberMeServices(String key, UserDetailsService userDetailsService) {
        super(key, userDetailsService);
    }

    ...

    // Customized
    @Override
    public void onLoginSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication successfulAuthentication) {
        AccountDto accountDto = (AccountDto) successfulAuthentication.getPrincipal();
        String username = retrieveUserName(accountDto);
        String password = retrievePassword(accountDto);
        // If unable to find a username and password, just abort as
        // TokenBasedRememberMeServices is
        // unable to construct a valid token in this case.
        if (!StringUtils.hasLength(username)) {
            this.logger.debug("Unable to retrieve username");
            return;
        }
        if (!StringUtils.hasLength(password)) {
            UserDetails user = getUserDetailsService().loadUserByUsername(username);
            password = user.getPassword();
            if (!StringUtils.hasLength(password)) {
                this.logger.debug("Unable to obtain password for user: " + username);
                return;
            }
        }
        int tokenLifetime = calculateLoginLifetime(request, successfulAuthentication);
        long expiryTime = System.currentTimeMillis();
        // SEC-949
        expiryTime += 1000L * ((tokenLifetime
```

FormAuthenticationProvider.java

```java
public class FormAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    private CustomUserDetailsService customUserDetailsService;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // Login information entered by the user
        String userId = authentication.getName();
        String userPw = (String) authentication.getCredentials();

        // Login information stored in the DB
        AccountContext accountContext = (AccountContext) customUserDetailsService.loadUserByUsername(userId);

        // Password verification
        if (!passwordEncoder.matches(userPw, accountContext.getAccountDto().getUserPw())) {
            throw new BadCredentialsException("BadCredentialsException");
        }

        // Additional verification
        FormWebAuthenticationDetails formWebAuthenticationDetails =
                (FormWebAuthenticationDetails) authentication.getDetails();
        String secretKey = formWebAuthenticationDetails.getSecretKey();
        if (secretKey == null || !"secret".equals(secretKey)) {
            throw new InsufficientAuthenticationException("Invalid SecretKey");
        }

        // Return the authentication object for the successful authentication
        UsernamePasswordAuthenticationToken authenticationToken =
                new UsernamePasswordAuthenticationToken(accountContext.getAccountDto(),
                        accountContext.getPassword(), accountContext.getAuthorities());
        return authenticationToken;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```
- 1
- 2
- 407
Q&A
2022.11.25
Error when logging in with ajax
Found it. In AjaxLoginProcessingFilter.java, adding the following should do it:

```java
AjaxAuthenticationToken ajaxAuthenticationToken =
        new AjaxAuthenticationToken(accountDto.getUsername(), accountDto.getPassword());
FormWebAuthenticationDetails formWebAuthenticationDetails = new FormWebAuthenticationDetails(request);
ajaxAuthenticationToken.setDetails(formWebAuthenticationDetails);
```

I think it would be good to reflect this in the instructor's GitHub.
- 0
- 1
- 262