Spring Security 4.0.3 rememberMe tokenValiditySeconds不起作用

时间:2016-03-22 16:06:48

标签: java spring rest spring-security spring-rest

我在Spring Security Config中指定了tokenValiditySeconds,但我仍然看到默认值为1209600(在org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices中找到)。我有一个自定义的“RememberMeService”类,它扩展了TokenBasedRememberMeServices(反过来扩展了AbstractRememberMeServices),但我并没有改变我班级中的tokenValiditySeconds ...我只是期待它从我的安全配置中设置。

除了tokenValiditySeconds之外,其他所有工作都正常。我专门用于我的REST API(而不是Web表单)。

如何使我在Spring Security Config中指定的tokenValiditySeconds适用于我的RememberMeService?这是我的configure()方法:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .headers()
            .frameOptions()
            .sameOrigin()
        .and()
            .authorizeRequests()
            .antMatchers("/rest/**").hasRole("ADMIN")
            .anyRequest().permitAll()
        .and()
            .csrf()
            .disable()
            .httpBasic()
        .and()
            .rememberMe()
            .key(KEY)
            .tokenValiditySeconds(1)
            .userDetailsService(springUserDetailsService)
            .rememberMeServices(new SpringRememberMeService(KEY, springUserDetailsService))
        .and()
            .logout().disable();
}

1 个答案:

答案 0 :(得分:0)

决定在tokenValiditySeconds类而不是SpringRememberMeService配置器中指定rememberMe(),这样可以正常工作。请注意,我已根据我们的特定需求覆盖了TokenBasedRememberMeServices中的几个类。

package com.avada.rest.security;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;

import javax.servlet.http.HttpServletRequest;

public class SpringRememberMeService extends TokenBasedRememberMeServices {

    public static final int TOKEN_VALIDITY_SECONDS = 60 * 30; // 30 minutes

    public SpringRememberMeService(String key, UserDetailsService userDetailsService) {
        super(key, userDetailsService);
    }

    @Override
    protected String extractRememberMeCookie(HttpServletRequest request) {
        String rememberMe = request.getHeader("remember-me");
        int startIndex = "remember-me=".length();
        int endIndex = rememberMe.indexOf("; ", startIndex);
        return rememberMe.substring(startIndex, endIndex);
    }

    @Override
    protected int calculateLoginLifetime(HttpServletRequest request, Authentication authentication) {
        return TOKEN_VALIDITY_SECONDS;
    }
}
相关问题
最新问题