Bonjour,

J'essaye d'activer la fonctionnalité "remember me" sur un de nos projets utilisant Spring mais cela ne semble pas fonctionner.

Le cookie est bien crée au login quand la case est coché mais cela ne permet pas de se relogger automatiquement la fois suivante (je test en fermant l'onglet de mon projet et en supprimant le cookie JSESSIONID).

Si quelqu'un à une piste. Voici ma configuration de security (version 3.2.5)


Code : Sélectionner tout - Visualiser dans une fenêtre à part
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                           http://www.springframework.org/schema/context
                           http://www.springframework.org/schema/context/spring-context-3.2.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security-3.2.xsd">
    <security:http pattern="/javax.faces.resource/**" security="none" />
 
    <security:http pattern="/pages/**" auto-config="true" use-expressions="true" entry-point-ref="authenticationEntryPoint">
        <security:intercept-url pattern="/pages/login.xhtml" access="permitAll()" />
        <security:intercept-url pattern="/pages/**" access="isAuthenticated()"/>
        <security:intercept-url pattern="/ws/**" access="hasIpAddress('127.0.0.1')" />
    </security:http>
 
    <security:http pattern="/**" auto-config="false" use-expressions="true" entry-point-ref="authenticationEntryPoint">
        <security:intercept-url pattern="/**" access="permitAll()" />
        <security:form-login login-page="/login"
                             login-processing-url="/j_spring_security_check"
                             authentication-failure-url="/login?error=login"
                             always-use-default-target="true"
                             default-target-url="/"
                             authentication-success-handler-ref="authenticationSuccessHandler" />
 
        <security:logout logout-url="/j_spring_security_logout"
                         invalidate-session="true"
                         logout-success-url="/login"  />
        <security:remember-me services-ref="rememberMeServices"/>
    </security:http>
 
    <security:authentication-manager  alias="authenticationManager">
        <security:authentication-provider ref="userDetailsAuthenticationProvider" />
    </security:authentication-manager>
 
    <bean id="userDetailsAuthenticationProvider" class="fr.xxxx.projet.authentication.UserDetailsAuthenticationProvider" />
 
    <bean id="rememberMeFilter" class=
        "org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
        <property name="rememberMeServices" ref="rememberMeServices"/>
        <property name="authenticationManager" ref="authenticationManager" />
    </bean>
 
    <bean id="rememberMeServices" class=
        "org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
        <property name="userDetailsService" ref="pmsiAnalysorUserDetailsService"/>
        <property name="key" value="aKey"/>
    </bean>
 
    <bean id="rememberMeAuthenticationProvider" class=
        "org.springframework.security.authentication.RememberMeAuthenticationProvider">
        <property name="key" value="aKey"/>
    </bean>       
 
</beans>
En vous remerciant