stackoom
  简体   繁体   中英

RememberMe Spring Security: success handler is called multiple times

 原文  2015-07-29 16:21:39       java/ spring/ tomcat/ authentication

Question

I am running a Spring application over Tomcat7. I implemented a remember me service in Spring with the following bean in security.xml: 

<remember-me key="SOMEKEY" user-service-ref="defaultUserService"
             authentication-success-handler-ref="rememberMeAuthenticationSuccessHandler" />

My Success controller looks like this: 

@Service
public class RememberMeAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
    @Autowired
    private UserService userService;

    private static final Logger logger = LoggerFactory.getLogger(RememberMeAuthenticationSuccessHandler.class);

    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
        User authenticatedUser = (User)authentication.getPrincipal();

        if (authenticatedUser != null) {
            logger.info("Successfully auto-logged in user: " + authenticatedUser.getUsername());
            authenticatedUser.setLastLogin(new Date());
            userService.save(authenticatedUser);
        } else {
            logger.error("Auto-logged in user is empty!");
        }
    }
}

The problem is that the callback is run multiple times so that I will have four access to the database.

logs look like this: 

2015.07.29 18:13:28 [http-bio-8080-exec-9] INFO  Successfully auto-logged in user: t50@t.it
2015.07.29 18:13:28 [http-bio-8080-exec-1] INFO  Successfully auto-logged in user: t50@t.it
2015.07.29 18:13:28 [http-bio-8080-exec-7] INFO  Successfully auto-logged in user: t50@t.it
2015.07.29 18:13:28 [http-bio-8080-exec-6] INFO  Successfully auto-logged in user: t50@t.it

I think there is a registered callback per thread. I supposed this is related to the fact that it is a Service type, however I need it in order to Autowire the userRepository

Is there a way to fix this gracefully?

Thanks a lot

1 answers

solution1
 0 ACCPTED  2015-07-30 02:15:48

It's not normal, could you just log more information about the request and check your client code again?

I'm pretty sure it's a consequence of multiple client calls

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Spring security LDAP success handler How to assign auth success handler to multiple spring security realms Spring 4 Security Tiles 3 Custom Success Handler Spring security Pre authentication success handler Spring Bean not found for Spring Security RememberMe? Spring Security disable rememberMe doesn't work Spring Security RememberMe function with username and id Spring Security 4.0.3 rememberMe tokenValiditySeconds not working oauth2 spring-security success and failure handler Why is my spring security not forwarding the request to authentication-success-handler?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM