Fatal编程技术网
  • java/
  • Java Spring security POST登录集已过期会话

Java Spring security POST登录集已过期会话

java spring spring-mvc spring-security jetty

Java Spring security POST登录集已过期会话,java,spring,spring-mvc,spring-security,jetty,Java,Spring,Spring Mvc,Spring Security,Jetty,我正在尝试保护我已实现的REST服务 http://localhost:8080/api/** 需要得到保障 运行此命令: curl -i -X POST -d j_username=user -d j_password=user http://localhost:8089/spring-security-rest/j_spring_security_check 此输出中的结果: HTTP/1.1 200 OK Set-Cookie: JSESSIONID=1ccuzrzlpamjb9

我正在尝试保护我已实现的REST服务

http://localhost:8080/api/**
需要得到保障

运行此命令:

   curl -i -X POST -d j_username=user -d j_password=user http://localhost:8089/spring-security-rest/j_spring_security_check
此输出中的结果:

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=1ccuzrzlpamjb9ce47savvlsx;Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 0
Server: Jetty(7.6.5.v20120716)
cookie在创建时已过期。知道为什么会这样吗

applicationContext-security.xml

您可以在链中覆盖实现自己的PersistentTokenBasedMemberMeservices筛选器的默认cookie行为。

为什么默认行为会将cookie过期日期设置为1970?我不知道这个问题,因为Spring对cookie行为的实现对我们来说是抽象的。关于这一点的唯一文档在这里,这是不够的。 
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans
xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-3.0.xsd
    http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-4.0.xsd">

<http entry-point-ref="restAuthEntryPoint">
    <intercept-url pattern="/api/**" access="ROLE_ADMIN"/>

    <form-login
        authentication-success-handler-ref="mySuccessHandler"
        authentication-failure-handler-ref="myFailureHandler"
    />

    <logout />
</http>

<beans:bean id="restAuthEntryPoint"
    class="com.example.security.RestAuthenticationEntryPoint"/>
<beans:bean id="mySuccessHandler"
    class="com.example.security.MySavedRequestAwareAuthenticationSuccessHandler"/>
<beans:bean id="myFailureHandler"
    class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"/>

<authentication-manager alias="authenticationManager">
    <authentication-provider>
        <user-service>
            <user name="temporary" password="temporary" authorities="ROLE_ADMIN"/>
            <user name="user" password="user" authorities="ROLE_USER"/>
        </user-service>
    </authentication-provider>
</authentication-manager>

<global-method-security pre-post-annotations="enabled" />

    </beans:beans>