I am trying to make use of Spring Security's <remember-me/>
authentification. The line in my security context looks like this:
<security:remember-me key="89dqj219dn910lsAc12" user-service-ref="jpaUserDetailsService"/>
Although I use my own implementation of UserDetailsService
(tested & working), I have also tried with the default one running into the same issue, which is this:
Logging in with "remember-me" checkbox checked, a cookie is generated as expected:
Name: SPRING_SECURITY_REMEMBER_ME_COOKIE; Value: c2FzczoxMjg1NTIxOTI1NzY4OmIxODQ5YTE2ZDY1MDVmZDFhNWRlN2Y2NzFlMzc1MmI0; Host: localhost; Path: /webapp; Secure: No; Valid until: Sun, 26 Sep 2010 17:25:25 GMT)
The browser restarted
The cookie is still there
Trying to access any secured page ends in "Access denied" error:
org.springframework.security.access.AccessDeniedException: Access is denied
Authentication object as a String: org.springframework.security.authentication.RememberMeAuthenticationToken@ffcaab94: Principal: de.myapp.businessobjects.AppUser@35c12e: Username: username; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; PersonalInformation: 32768; ; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Not granted any authorities
I am confused an do not know what goes wrong or where to start debugging. Help, please?