六、Spring Security之记住我

/** * 配置验证规则 */ @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/").permitAll() //必须有“USER”角色的才能访问 .antMatchers("/user/**").hasAuthority("USER") .and() //登陆成功以后默认访问路径 .formLogin().loginPage("/login").defaultSuccessUrl("/user") .and() //注销以后默认访问路径 .logout().invalidateHttpSession(true) .clearAuthentication(true) .logoutRequestMatcher(new AntPathRequestMatcher("/logout")) .logoutSuccessUrl("/login").permitAll() .and() // 记住我 配置 .rememberMe().key("unique-and-secret") .rememberMeCookieName("remember-me-cookie-name") .tokenValiditySeconds(24 * 60 * 60); // 在 UsernamePasswordAuthenticationFilter 前添加 BeforeLoginFilter http.addFilterBefore(new BeforeLoginFilter(), UsernamePasswordAuthenticationFilter.class); // 在 CsrfFilter 后添加 AfterCsrfFilter http.addFilterAfter(new AfterCsrfFilter(), CsrfFilter.class); }