Spring Security 4.0.3 RememberMe tokenValiditySeconds无法正常工作
[英]Spring Security 4.0.3 rememberMe tokenValiditySeconds not working
问题描述
我已经在Spring Security Config tokenValiditySeconds指定为1,但是仍然看到默认值1209600(位于org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices )。 我有一个自定义的“ RememberMeService”类,该类扩展了TokenBasedRememberMeServices (又扩展了AbstractRememberMeServices ),但是我没有在类中更改tokenValiditySeconds ……我只是希望可以从我的安全配置中对其进行设置。
除了tokenValiditySeconds之外,其他所有东西都工作正常。 我专门针对我的REST API(而不是Web表单)使用它。
如何使我在Spring Security Config中指定的tokenValiditySeconds适用于RememberMeService? 这是我的configure()方法:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.headers()
.frameOptions()
.sameOrigin()
.and()
.authorizeRequests()
.antMatchers("/rest/**").hasRole("ADMIN")
.anyRequest().permitAll()
.and()
.csrf()
.disable()
.httpBasic()
.and()
.rememberMe()
.key(KEY)
.tokenValiditySeconds(1)
.userDetailsService(springUserDetailsService)
.rememberMeServices(new SpringRememberMeService(KEY, springUserDetailsService))
.and()
.logout().disable();
}
1 个解决方案
解决方案1
0 已采纳 2016-03-22 19:22:55
决定在我的SpringRememberMeService类中而不是SpringRememberMeService rememberMe()配置器中指定tokenValiditySeconds ,并且工作正常。 请注意, TokenBasedRememberMeServices满足我们的特定需求,我重写了TokenBasedRememberMeServices的几个类。
package com.avada.rest.security;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
import javax.servlet.http.HttpServletRequest;
public class SpringRememberMeService extends TokenBasedRememberMeServices {
public static final int TOKEN_VALIDITY_SECONDS = 60 * 30; // 30 minutes
public SpringRememberMeService(String key, UserDetailsService userDetailsService) {
super(key, userDetailsService);
}
@Override
protected String extractRememberMeCookie(HttpServletRequest request) {
String rememberMe = request.getHeader("remember-me");
int startIndex = "remember-me=".length();
int endIndex = rememberMe.indexOf("; ", startIndex);
return rememberMe.substring(startIndex, endIndex);
}
@Override
protected int calculateLoginLifetime(HttpServletRequest request, Authentication authentication) {
return TOKEN_VALIDITY_SECONDS;
}
}
带有用户名和 ID 的 Spring Security RememberMe 功能
[英]Spring Security RememberMe function with username and id
RememberMe Spring Security:成功处理程序被多次调用
[英]RememberMe Spring Security: success handler is called multiple times
Spring Security - 访问被拒绝(用户不是匿名的)spring-security-core-4.0.3.RELEASE
[英]Spring Security - Access is denied (user is not anonymous) spring-security-core-4.0.3.RELEASE
Spring Security 4.0.3:提交后,自定义登录表单会弹出基本的“需要身份验证”对话框
[英]Spring Security 4.0.3: Custom login form pops up basic 'Authentication Required' dialog when submitted
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
找不到用于Spring Security的Spring Bean还记得我吗?
Spring Security禁用rememberMe不起作用
带有用户名和 ID 的 Spring Security RememberMe 功能
RememberMe Spring Security:成功处理程序被多次调用
无法在Spring-Acegi中设置tokenValiditySeconds
RememberMe服务无法正常工作
Spring Security - 访问被拒绝(用户不是匿名的)spring-security-core-4.0.3.RELEASE
Spring Security 4.0.3:提交后,自定义登录表单会弹出基本的“需要身份验证”对话框
Spring Security对我不起作用
春季安全许可证全部不起作用
相关标签