Java Spring Security: POST login sets an expired session
I'm trying to secure a REST service that I have implemented.
http://localhost:8080/api/**
needs to be secured.
Running this command:
curl -i -X POST -d j_username=user -d j_password=user http://localhost:8089/spring-security-rest/j_spring_security_check
results in this output:
HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=1ccuzrzlpamjb9ce47savvlsx;Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 0
Server: Jetty(7.6.5.v20120716)
The cookie is already expired when it is created. Any idea why this happens?
applicationContext-security.xml
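You can override the default cookie behavior by implementing your own PersistentTokenBasedRememberMeServices filter in the chain. Why does the default behavior set the cookie expiration date to 1970? I am not aware of this problem, because Spring's implementation of cookie behavior is abstracted away from us. The only documentation on this is here, and it is not sufficient.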
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
    xmlns="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:sec="http://www.springframework.org/schema/security"
    xsi:schemaLocation="
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.xsd
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-4.0.xsd">

    <http entry-point-ref="restAuthEntryPoint">
        <intercept-url pattern="/api/**" access="ROLE_ADMIN"/>
        <form-login
            authentication-success-handler-ref="mySuccessHandler"
            authentication-failure-handler-ref="myFailureHandler"
        />
        <logout />
    </http>

    <beans:bean id="restAuthEntryPoint"
        class="com.example.security.RestAuthenticationEntryPoint"/>
    <beans:bean id="mySuccessHandler"
        class="com.example.security.MySavedRequestAwareAuthenticationSuccessHandler"/>
    <beans:bean id="myFailureHandler"
        class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"/>

    <authentication-manager alias="authenticationManager">
        <authentication-provider>
            <user-service>
                <user name="temporary" password="temporary" authorities="ROLE_ADMIN"/>
                <user name="user" password="user" authorities="ROLE_USER"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>

    <global-method-security pre-post-annotations="enabled" />
</beans:beans>
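
Added example, not part of the original question or answer: a shell check over the response headers quoted above that reports the attributes carried on each Set-Cookie line separately from the Expires response header. The function names sample_response and audit_cookies are hypothetical, and the sample input is the quoted response rebuilt inline.

```shell
#!/usr/bin/env bash
# Constructed sample: the response headers quoted in the question.
sample_response() {
  printf '%s\r\n' \
    'HTTP/1.1 200 OK' \
    'Set-Cookie: JSESSIONID=1ccuzrzlpamjb9ce47savvlsx;Path=/' \
    'Expires: Thu, 01 Jan 1970 00:00:00 GMT' \
    'Content-Length: 0' \
    'Server: Jetty(7.6.5.v20120716)'
}

# audit_cookies (hypothetical helper): read raw response headers on stdin,
# e.g. from `curl -s -D - -o /dev/null ...`, and print one line per
# Set-Cookie header with its hardening flags and its own expiry attribute.
audit_cookies() {
  awk '
    { sub(/\r$/, "") }                          # strip the CR of CRLF line ends
    tolower($0) ~ /^expires:/ { hdr_expires = 1 }
    tolower($0) ~ /^set-cookie:/ {
      line = $0; sub(/^[^:]*:[ \t]*/, "", line)  # drop the header name
      n = split(line, part, ";")
      name = part[1]; sub(/=.*/, "", name)
      expiry = "none"; httponly = "no"; secure = "no"
      for (i = 2; i <= n; i++) {
        raw = part[i]; gsub(/^[ \t]+|[ \t]+$/, "", raw)
        attr = tolower(raw)
        if (attr ~ /^(expires|max-age)=/) expiry = raw
        if (attr == "httponly") httponly = "yes"
        if (attr == "secure") secure = "yes"
      }
      printf "cookie=%s httponly=%s secure=%s expiry=%s\n", name, httponly, secure, expiry
    }
    END {
      if (hdr_expires)
        print "note: Expires response header present (cache directive, not a cookie attribute)"
    }
  '
}

# Run against the constructed sample when executed directly.
sample_response | audit_cookies
```

On the quoted response this reports no Expires or Max-Age attribute on JSESSIONID, which makes it a session cookie under RFC 6265, and neither HttpOnly nor Secure. The 1970 date belongs to the separate Expires response header, which governs caching of the response.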