Back Forum Reply New
amy

1#
Print
tT
Post at 2011-4-15 14:28 | This Author's Posts Only

RememberMe is not creating cookie JSESSIONID

I am implementing token based RememberMe. I am using GWT with some AJAX type of calls so I have to do some adjustments to the vanilla set up.

These are my symptoms:

I can log in typing username and password. The JSESSIONID cookie is created.

If I check the remember me the SPRING_SECURITY_REMEMBER_ME_COOKIE is also created.

If I close my browser and reenter in the application. The auto login using the SPRING_SECURITY_REMEMBER_ME_COOKIE happens OK. But the JSESSIONID cookie is not created. I can navigate my application and everything, but the JSESSIONID is never created.

My questions are:

Is this the supposed behavior? I have the feeling that it is doing an auto login every time a request is made.

In this scenario who is supposed to create the JSESSIONID? That will help me  find the problem.

This is the log of single request. I think is should have created an fromSession.

PHP Code:
DEBUGnbsp;org..security.context.fromSessionContextIntegrationFilternbsp;-nbsp;Nonbsp;fromSessionnbsp;currentlynbsp;existsnbsp;DEBUGnbsp;org..security.context.fromSessionContextIntegrationFilternbsp;-nbsp;Newnbsp;SecurityContextnbsp;instancenbsp;willnbsp;benbsp;associatednbsp;withnbsp;SecurityContextHoldernbsp;DEBUGnbsp;org..security.ui.rememberme.TokenBasedRememberMeServicesnbsp;-nbsp;Remember-menbsp;cookienbsp;detectednbsp;DEBUGnbsp;com.mycompany.o2plus.daos.NotesDaoImplnbsp;-nbsp;sql=#91;SELECTnbsp;users.*,nbsp;userlogon.logonnamenbsp;asnbsp;loginname,nbsp;userlogon.passwordnbsp;asnbsp;passwordnbsp;FROMnbsp;users,nbsp;userlogonnbsp;WHEREnbsp;userlogon.logonnamenbsp;=nbsp;?nbsp;ANDnbsp;users.userlogonidnbsp;=nbsp;userlogon.userlogonidnbsp;#93;DEBUGnbsp;org..security.ui.rememberme.TokenBasedRememberMeServicesnbsp;-nbsp;Remember-menbsp;cookienbsp;acceptednbsp;DEBUGnbsp;org..security.providers.ProviderManagernbsp;-nbsp;Authenticationnbsp;attemptnbsp;usingnbsp;com.mycompany.o2plus.server.SimpleAuthenticationProvidernbsp;DEBUGnbsp;com.mycompany.o2plus.daos.NotesDaoImplnbsp;-nbsp;sql=#91;SELECTnbsp;users.*,nbsp;userlogon.logonnamenbsp;asnbsp;loginname,nbsp;userlogon.passwordnbsp;asnbsp;passwordnbsp;FROMnbsp;users,nbsp;userlogonnbsp;WHEREnbsp;userlogon.logonnamenbsp;=nbsp;?nbsp;ANDnbsp;userlogon.passwordnbsp;=nbsp;?nbsp;ANDnbsp;users.userlogonidnbsp;=nbsp;userlogon.userlogonidnbsp;#93;DEBUGnbsp;com.mycompany.o2plus.server.SimpleAuthenticationProvidernbsp;-nbsp;athenticatednbsp;loginName=#91;devteam#93;DEBUGnbsp;org..security.ui.rememberme.RememberMeProcessingFilternbsp;-nbsp;SecurityContextHoldernbsp;populatednbsp;withnbsp;remember-menbsp;token:nbsp;'com.mycompany.o2plus.server.AuthenticationToken@fb0db571:nbsprincipal:nbsp;devteamassword:nbsp;#91ROTECTED#93;;Authenticated:nbsp;true;Details:nbsp;com.mycompany.o2plus.om.User@4c8167;Grantednbsp;Authorities:nbsp;ROLE_USER,nbsp;ROLE_ADMIN'nbsp;DEBUGnbsp;org..security.providers.anonymous.AnonymousProcessingFilternbsp;-nbsp;SecurityContextHoldernbsp;notnbsp;populatednbsp;withnbsp;anonymousnbsp;token,nbsp;asnbsp;itnbsp;alreadynbsp;contained:nbsp;'com.mycompany.o2plus.server.AuthenticationToken@fb0db571:nbsprincipal:nbsp;devteamassword:nbsp;#91ROTECTED#93;;Authenticated:nbsp;true;Details:nbsp;com.mycompany.o2plus.om.User@4c8167;Grantednbsp;Authorities:nbsp;ROLE_USER,nbsp;ROLE_ADMIN'nbsp;DEBUGnbsp;org.gwtwidgets.server.spring.GWTHandlernbsp;-nbsp;Lookingnbsp;upnbsp;handlernbsp;fornbsp;#91;/com.mycompany.o2plus.MainApp/securityUIService.rpc#93;DEBUGnbsp;com.mycompany.o2plus.SystemArchitecturenbsp;-nbsp;startnbsp;hasRole()nbsp;DEBUGnbsp;com.mycompany.o2plus.server.SpringSecurityServiceImplnbsp;-nbsp;startnbsp;hasRole(ROLE_USER)nbsp;DEBUGnbsp;com.mycompany.o2plus.SystemArchitecturenbsp;-nbsp;endnbsp;hasRole()nbsp;returningnbsp;truenbsp;DEBUGnbsp;org..security.context.fromSessionContextIntegrationFilternbsp;-nbsp;fromSessionnbsp;beingnbsp;creatednbsp;asnbsp;SecurityContextHoldernbsp;contentsnbsp;arenbsp;non-defaultnbsp;DEBUGnbsp;org..security.context.fromSessionContextIntegrationFilternbsp;-nbsp;SecurityContextHoldernbsp;nownbsp;cleared,nbsp;asnbsp;requestnbsp;processingnbsp;completednbsp;

But the next request also starts with the line:

PHP Code:
DEBUGnbsp;org..security.context.fromSessionContextIntegrationFilternbsp;-nbsp;Nonbsp;fromSessionnbsp;currentlynbsp;existsnbsp;

Which makes me wonder what happened to the fromSession it had already created?
Favor Share Rate
Reply Quote

Subscribe TOP

¥
Back Forum Reply New