Tomcat Spring Security - Setting the session cookie expiry time

Date: 2014-10-02 12:14:00

Tags: spring-mvc spring-security

I am building a web application based on embedded Tomcat - 7.0.55, Spring-Boot-1.1.6, Spring-webmvc/core - 4.0.7 and Spring-Security - 3.2.5.

My configuration is as follows:

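import java.util.Arrays;

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.tomcat.TomcatContextCustomizer;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;

@Configuration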
public class ServletCtxConfig {

    @Bean
    @Profile({ Profiles.PRODUCTION, Profiles.QA, Profiles.DEV })
    EmbeddedServletContainerFactory servletContainerFactory() {
        TomcatEmbeddedServletContainerFactory retVal = new TomcatEmbeddedServletContainerFactory();
        retVal.setContextPath("contextPath");
        retVal.setTomcatContextCustomizers(Arrays.asList(contextCustomizer()));
        retVal.setPort(111);
        Connector httpConnector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        httpConnector.setPort(123);
        httpConnector.setRedirectPort(456);
        retVal.addAdditionalTomcatConnectors(httpConnector);

        return retVal;
    }

    @Bean
    CustomCustomizer contextCustomizer() {
        return new CustomCustomizer();
    }

}

class CustomCustomizer implements TomcatContextCustomizer {

    @Value("${session.timeout:10080}")
    Integer sessionTimeOut;

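    @Override
    public void customize(Context context) {
        context.setSessionCookieName("comilion-fw");
        // Server-side idle timeout, in minutes; this does not set the cookie's Max-Age
        context.setSessionTimeout(sessionTimeOut);
        // HttpOnly is off, so page scripts can read the session cookie
        context.setUseHttpOnly(false);
    }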
}

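I can set the session expiry time, but it is not reflected in the cookie expiry time in the browser. Can someone tell me how to set the cookie expiry time?

2 answers:

Answer 0: (score: 2)

Try accessing the servlet context during the web application initialization phase and setting the value as follows: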

servletContext.getSessionCookieConfig().setMaxAge(600);

Take a look at WebApplicationInitializer and SpringServletContainerInitializer.

If you are still somehow running the web application with web.xml, go to jsessionid-cookie-with-expiration-date-in-tomcat
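
One way to apply the `setMaxAge` call above under embedded Tomcat, as an added example that is not part of the original answer or the asker's project. It assumes Spring Boot 1.x (where `ServletContextInitializer` lives in `org.springframework.boot.context.embedded`), reuses the question's `session.timeout` property, and assumes the application is served over HTTPS only; the class and bean names are hypothetical.

```java
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.SessionCookieConfig;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.embedded.ServletContextInitializer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// Hypothetical configuration class, added for illustration.
@Configuration
public class SessionCookieExampleConfig {

    // Same property and default as the question; the value is in minutes.
    @Value("${session.timeout:10080}")
    int sessionTimeoutMinutes;

    @Bean
    ServletContextInitializer sessionCookieInitializer() {
        // Spring Boot calls onStartup while the embedded container is still
        // starting, which is the only time SessionCookieConfig may be changed.
        return new ServletContextInitializer() {
            @Override
            public void onStartup(ServletContext servletContext) throws ServletException {
                SessionCookieConfig cookie = servletContext.getSessionCookieConfig();
                // Max-Age is in seconds; the default of -1 yields a cookie that
                // is discarded when the browser closes.
                cookie.setMaxAge(sessionTimeoutMinutes * 60);
                // Assumption: no client-side script needs to read the session id.
                cookie.setHttpOnly(true);
                // Assumption: HTTPS only, so the cookie never travels in clear text.
                cookie.setSecure(true);
            }
        };
    }
}
```

The cookie's Max-Age is counted from the moment the cookie is issued, while the server-side session timeout is an idle timeout that restarts with each request, so the two can expire at different times even when set to the same duration.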

Answer 1: (score: 0)

What I ended up doing was customizing the EmbeddedServletContainerFactory as follows:

@Bean
EmbeddedServletContainerFactory servletContainerFactory() {
    // SLF4J-style logger: the {} placeholders are needed for the arguments to appear in the message
    logger.debug("Raising Embedded servlet container with port: {} and context path: {}", port, contextPath);
    TomcatEmbeddedServletContainerFactory retVal = new TomcatEmbeddedServletContainerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            // Require a confidential (HTTPS) transport for every URL
            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setUserConstraint("CONFIDENTIAL");
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);
        }
    };
    retVal.setContextPath(contextPath);
    retVal.setTomcatContextCustomizers(Arrays.asList(contextCustomizer()));
    retVal.addAdditionalTomcatConnectors(this.createConnection());
    return retVal;
}

@Bean
CustomCustomizer contextCustomizer() {
    return new CustomCustomizer();
}

class CustomCustomizer implements TomcatContextCustomizer {

    @Value(Properties.$_SESSION_TIMEOUT)
    Integer sessionTimeOut;

    @Override
    public void customize(Context context) {
        context.setSessionCookieName("XXX");
        context.setSessionTimeout(sessionTimeOut);
    }
}