
Spring Security 4.0.3 rememberMe tokenValiditySeconds not working

I have specified a tokenValiditySeconds of 1 in my Spring Security Config but I keep seeing the default of 1209600 (found in org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices) show up. I have a custom "RememberMeService" class that extends TokenBasedRememberMeServices (which in turn extends AbstractRememberMeServices) but I'm not altering the tokenValiditySeconds in my class... I'm just expecting it to be set from my Security Config.

Everything else is working fine except the tokenValiditySeconds. I am using this specifically for my REST API (rather than in a web form).

How do I make the tokenValiditySeconds I specify in my Spring Security Config apply in my RememberMeService? Here is my configure() method:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .headers()
            .frameOptions()
            .sameOrigin()
        .and()
            .authorizeRequests()
            .antMatchers("/rest/**").hasRole("ADMIN")
            .anyRequest().permitAll()
        .and()
            .csrf()
            .disable()
            .httpBasic()
        .and()
            .rememberMe()
            .key(KEY)
            .tokenValiditySeconds(1)
            .userDetailsService(springUserDetailsService)
            .rememberMeServices(new SpringRememberMeService(KEY, springUserDetailsService))
        .and()
            .logout().disable();
}

Decided to specify tokenValiditySeconds in my SpringRememberMeService class instead of in the rememberMe() configurer and this is working fine. Note that I'm overriding a couple of classes in TokenBasedRememberMeServices for our specific needs.

package com.avada.rest.security;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;

import javax.servlet.http.HttpServletRequest;

public class SpringRememberMeService extends TokenBasedRememberMeServices {

    public static final int TOKEN_VALIDITY_SECONDS = 60 * 30; // 30 minutes

    public SpringRememberMeService(String key, UserDetailsService userDetailsService) {
        super(key, userDetailsService);
    }

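    @Override
    protected String extractRememberMeCookie(HttpServletRequest request) {
        // The token arrives in a "remember-me" request header rather than a cookie.
        String rememberMe = request.getHeader("remember-me");
        String prefix = "remember-me=";
        if (rememberMe == null || !rememberMe.startsWith(prefix)) {
            return null; // no token presented, so no remember-me login is attempted
        }
        int startIndex = prefix.length();
        int endIndex = rememberMe.indexOf("; ", startIndex);
        // No trailing attributes: the token runs to the end of the header value.
        return endIndex < 0 ? rememberMe.substring(startIndex) : rememberMe.substring(startIndex, endIndex);
    }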

    @Override
    protected int calculateLoginLifetime(HttpServletRequest request, Authentication authentication) {
        return TOKEN_VALIDITY_SECONDS;
    }
}
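
An added example (not from the original post or from Spring Security itself): a plain-JDK check that decodes a token-based remember-me value and reports the lifetime that was actually issued, so it can be compared with the configured value and with the 1209600-second default. It assumes the Base64 `username:expiryMillis:signature` layout used by TokenBasedRememberMeServices; the class name, sample user, issue time and placeholder signature are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;

public class RememberMeExpiryCheck {

    /** Remaining lifetime of a token-based remember-me value, relative to 'now'. */
    static Duration remainingLifetime(String cookieValue, Instant now) {
        // Padding may or may not be present; the JDK decoder accepts unpadded input.
        String unpadded = cookieValue.replace("=", "");
        String plain = new String(Base64.getDecoder().decode(unpadded), StandardCharsets.UTF_8);

        // Parse from the right so a ':' inside the username does not shift the fields.
        int sigSep = plain.lastIndexOf(':');
        int expSep = plain.lastIndexOf(':', sigSep - 1);
        if (sigSep < 0 || expSep < 0) {
            throw new IllegalArgumentException("not a username:expiry:signature token");
        }
        long expiryMillis = Long.parseLong(plain.substring(expSep + 1, sigSep));
        return Duration.between(now, Instant.ofEpochMilli(expiryMillis));
    }

    public static void main(String[] args) {
        Instant issued = Instant.parse("2024-01-01T00:00:00Z"); // constructed issue time
        int configuredSeconds = 60 * 30;                        // lifetime the service should apply

        // Constructed sample token; the signature field is a placeholder, not a real MAC.
        String plain = "alice:" + issued.plusSeconds(configuredSeconds).toEpochMilli()
                + ":00000000000000000000000000000000";
        String cookie = Base64.getEncoder().withoutPadding()
                .encodeToString(plain.getBytes(StandardCharsets.UTF_8));

        long actual = remainingLifetime(cookie, issued).getSeconds();
        System.out.println("issued lifetime: " + actual + " s");
        if (actual != configuredSeconds) {
            System.out.println("MISMATCH: expected " + configuredSeconds
                    + " s (library default is 1209600 s)");
        }
    }
}
```

The check reads only the expiry field and does not verify the signature, so it confirms what lifetime was issued, not that the token is authentic.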
