Spring Security 4.0.3 rememberMe tokenValiditySeconds not working
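I have specified tokenValiditySeconds as 1 in my Spring Security config, but I still see the default value 1209600 (in org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices). I have a custom "RememberMeService" class that extends TokenBasedRememberMeServices (which in turn extends AbstractRememberMeServices), but I do not change tokenValiditySeconds in the class... I was just hoping it could be set from my security config.

Everything else works fine except tokenValiditySeconds. I am using this specifically for my REST API (not a web form).

How do I make the tokenValiditySeconds that I specify in the Spring Security config apply to the RememberMeService? Here is my configure() method: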

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .headers()
                .frameOptions()
                    .sameOrigin()
                .and()
            .authorizeRequests()
                .antMatchers("/rest/**").hasRole("ADMIN")
                .anyRequest().permitAll()
                .and()
            .csrf()
                .disable()
            .httpBasic()
                .and()
            .rememberMe()
                .key(KEY)
                .tokenValiditySeconds(1)
                .userDetailsService(springUserDetailsService)
                .rememberMeServices(new SpringRememberMeService(KEY, springUserDetailsService))
                .and()
            .logout().disable();
    }

I decided to specify tokenValiditySeconds in my SpringRememberMeService class instead of in the rememberMe() configurer, and it works fine. Note that, to suit our specific needs, I overrode a couple of methods of TokenBasedRememberMeServices.

    package com.avada.rest.security;

    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;

    import javax.servlet.http.HttpServletRequest;

    public class SpringRememberMeService extends TokenBasedRememberMeServices {

        public static final int TOKEN_VALIDITY_SECONDS = 60 * 30; // 30 minutes

        public SpringRememberMeService(String key, UserDetailsService userDetailsService) {
            super(key, userDetailsService);
        }

        // Read the token from a "remember-me" request header instead of a cookie.
        @Override
        protected String extractRememberMeCookie(HttpServletRequest request) {
            String rememberMe = request.getHeader("remember-me");
            int startIndex = "remember-me=".length();
            if (rememberMe == null || rememberMe.length() < startIndex) {
                return null; // no token presented; the caller treats null as "no cookie"
            }
            int endIndex = rememberMe.indexOf("; ", startIndex);
            // Take the value up to the first "; " separator, or the rest of the header.
            return endIndex < 0 ? rememberMe.substring(startIndex)
                                : rememberMe.substring(startIndex, endIndex);
        }

        // Fixed token lifetime, used instead of the configurer's tokenValiditySeconds.
        @Override
        protected int calculateLoginLifetime(HttpServletRequest request, Authentication authentication) {
            return TOKEN_VALIDITY_SECONDS;
        }
    }
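
The configurer's tokenValiditySeconds(...) is applied only to the remember-me services that the configurer builds itself; an instance passed to rememberMeServices(...) is used as supplied. The following added example (not the poster's code) sets the lifetime on the custom instance instead. The class name SecurityConfig and the KEY value are placeholders, and it assumes SpringRememberMeService does not override calculateLoginLifetime() with a constant as the version above does.

```java
import com.avada.rest.security.SpringRememberMeService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter { // hypothetical class name

    // Placeholder value; load the real key from protected configuration.
    private static final String KEY = "replace-with-your-remember-me-key";

    @Autowired
    private UserDetailsService springUserDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // A pre-built RememberMeServices is returned by the configurer untouched,
        // so the lifetime has to be set on the instance itself.
        SpringRememberMeService rememberMeServices =
                new SpringRememberMeService(KEY, springUserDetailsService);
        rememberMeServices.setTokenValiditySeconds(60 * 30); // 30 minutes

        http
            .authorizeRequests()
                .antMatchers("/rest/**").hasRole("ADMIN")
                .anyRequest().permitAll()
                .and()
            .httpBasic()
                .and()
            .rememberMe()
                // Must match the key given to the services: the configurer uses it
                // for the provider that validates remember-me authentications.
                .key(KEY)
                .rememberMeServices(rememberMeServices);
    }
}
```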