Home/ Questions/Q 8502251
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T01:25:56+00:00

My Spring Security XML is as following: <http use-expressions=true> <intercept-url pattern=/login access=isAnonymous() requires-channel=https/> <intercept-url

  • 0

My Spring Security XML is as following:

    <http use-expressions="true">
        <intercept-url pattern="/login" access="isAnonymous()" requires-channel="https"/>
        <intercept-url pattern="/login/" access="isAnonymous()" requires-channel="https" />
        <intercept-url pattern="/logout-success" access="isAnonymous()" />
        <intercept-url pattern="/logout-success/" access="isAnonymous()" />     
        <intercept-url pattern="/logout" access="isAuthenticated()" />

        <intercept-url pattern="/**" access="hasRole('ROLE_SUPER_ADMIN')" />
        <form-login login-page="/login/" default-target-url="/example/Login_execute"/>
        <logout logout-url="/logout" logout-success-url="/logout-success" />
        <remember-me services-ref="rememberMeServices"/>

        <port-mappings>
            <port-mapping http="8080" https="8443"/>
        </port-mappings>        
    </http>

...

    <beans:bean id="userDetailsService" class="com.myownpackage.UserAccountServiceImpl"/>

    <beans:bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
        <beans:property name="userDetailsService" ref="userDetailsService" />
        <beans:property name="tokenRepository" ref="persistentTokenRepository" />
        <beans:property name="key" value="myownkey" />
    </beans:bean>

<beans:bean id="persistentTokenRepository" class="com.myownpackage.PersistentTokenRepositoryImpl" />

Whenever I login and I tick the remember me, my program will save something to remember me database table (that’s correct).

If I close my browser, re-open the browser, and open a page which requires authentication, my program will execute processAutoLoginCookie at PersistentTokenBasedRememberMeServices and returning correct UserDetails (that’s also correct)

BUT, even so, I am still redirected to the login page.

By the way, the login page is customized, and what I do is just displaying JSP file with a form for login.

Is there any step I missed when writing the spring security XML?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Spring Security’s “Remember Me” uses a Cookie in the client side, which is your browser.

    From Spring’s DOCS:

    Remember-me or persistent-login authentication refers to web sites
    being able to remember the identity of a principal between sessions.
    This is typically accomplished by sending a cookie to the browser,
    with the cookie being detected during future sessions and causing
    automated login to take place. Spring Security provides the necessary
    hooks for these operations to take place, and has two concrete
    remember-me implementations. One uses hashing to preserve the security
    of cookie-based tokens and the other uses a database or other
    persistent storage mechanism to store the generated tokens.

    Spring’s idea is that you will be able to login automatically between different Sessions:

    Server’s Sessions, meaning when the Server “bounces” (goes down and then up), are handled, for example, by Persistency.

    Clients’ Session are handled by the browser (Cookies). The browser uses a Cookie that Spring sends, the Server verifies this Cookie and lets the user login automatically , without the need to enter credentials again.

    Check the Cookies within your browser.

    HTH.

    Ohad.

    • 0