I have specified a tokenValiditySeconds of 1 in my Spring Security Config but I keep seeing the default of 1209600 (found in org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices) show up. I have a custom "RememberMeService" class that extends TokenBasedRememberMeServices (which in turn extends AbstractRememberMeServices) but I'm not altering the tokenValiditySeconds in my class...I'm just expecting it to be set from my Security Config.

Everything else is working fine except the tokenValiditySeconds. I am using this specifically for my REST API (rather than in a web form).

How do I make the tokenValiditySeconds I specify in my Spring Security Config apply in my RememberMeService? Here is my configure() method:

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .headers()
                .frameOptions()
                    .sameOrigin()
                .and()
            .authorizeRequests()
                .antMatchers("/rest/**").hasRole("ADMIN")
                .anyRequest().permitAll()
                .and()
            .csrf()
                .disable()
            .httpBasic()
                .and()
            .rememberMe()
                .key(KEY)
                .tokenValiditySeconds(1)
                .userDetailsService(springUserDetailsService)
                .rememberMeServices(new SpringRememberMeService(KEY, springUserDetailsService))
                .and()
            .logout().disable();
    }

Decided to specify tokenValiditySeconds in my SpringRememberMeService class instead of in the rememberMe() configurer and this is working fine. Note that I'm overriding a couple of classes in TokenBasedRememberMeServices for our specific needs.

    package com.avada.rest.security;

    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;

    import javax.servlet.http.HttpServletRequest;

    public class SpringRememberMeService extends TokenBasedRememberMeServices {

        public static final int TOKEN_VALIDITY_SECONDS = 60 * 30; // 30 minutes

        public SpringRememberMeService(String key, UserDetailsService userDetailsService) {
            super(key, userDetailsService);
        }

        // Read the token from a "remember-me" request header instead of a cookie.
        @Override
        protected String extractRememberMeCookie(HttpServletRequest request) {
            String rememberMe = request.getHeader("remember-me");
            int startIndex = "remember-me=".length();
            if (rememberMe == null || rememberMe.length() < startIndex) {
                return null; // no token presented, so no remember-me login is attempted
            }
            int endIndex = rememberMe.indexOf("; ", startIndex);
            // The header may carry only the token, with no trailing "; " attributes.
            return endIndex < 0 ? rememberMe.substring(startIndex) : rememberMe.substring(startIndex, endIndex);
        }

        // Use a fixed lifetime for every login.
        @Override
        protected int calculateLoginLifetime(HttpServletRequest request, Authentication authentication) {
            return TOKEN_VALIDITY_SECONDS;
        }
    }
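
An alternative to hard-coding the lifetime, shown as an added example that is not part of the original question or answer: the rememberMe() configurer applies its tokenValiditySeconds only to a services object it builds itself, so a custom instance passed to rememberMeServices() has to be given the value directly through setTokenValiditySeconds(). The class name SecurityConfig and the KEY value are hypothetical, and the sketch assumes SpringRememberMeService does not override calculateLoginLifetime().

```java
package com.avada.rest.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.RememberMeServices;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter { // hypothetical class name

    // Constructed placeholder: load the real signing key from protected configuration.
    private static final String KEY = "replace-with-secret-key";
    private static final int TOKEN_VALIDITY_SECONDS = 60 * 30; // 30 minutes, as in the answer

    private final UserDetailsService springUserDetailsService;

    public SecurityConfig(UserDetailsService springUserDetailsService) {
        this.springUserDetailsService = springUserDetailsService;
    }

    @Bean
    public RememberMeServices rememberMeServices() {
        SpringRememberMeService services = new SpringRememberMeService(KEY, springUserDetailsService);
        // Set the lifetime on the instance that will actually issue and check tokens.
        // Without this call the inherited default of 1209600 seconds (two weeks) applies.
        services.setTokenValiditySeconds(TOKEN_VALIDITY_SECONDS);
        return services;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/rest/**").hasRole("ADMIN")
                .anyRequest().permitAll()
                .and()
            .httpBasic()
                .and()
            .rememberMe()
                .key(KEY) // must match the key given to the services object
                .rememberMeServices(rememberMeServices());
    }
}
```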