Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/spring/14.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java Spring Security 4.0.3记住令牌有效性秒不工作_Java_Spring_Rest_Spring Security_Spring Rest - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java Spring Security 4.0.3记住令牌有效性秒不工作

Java Spring Security 4.0.3记住令牌有效性秒不工作

java spring rest spring-security

Java Spring Security 4.0.3记住令牌有效性秒不工作,java,spring,rest,spring-security,spring-rest,Java,Spring,Rest,Spring Security,Spring Rest,我在我的Spring安全配置中指定了tokenValiditySeconds为1,但我一直看到默认值1209600(在org.springframework.Security.web.authentication.rememberme.AbstractRememberMeServices中找到)出现。我有一个自定义的“RememberService”类,它扩展了TokenBasedMemberMeservices(它反过来扩展了AbstractRememberServices),但我并没有更改类

我在我的Spring安全配置中指定了
tokenValiditySeconds
为1,但我一直看到默认值1209600(在
org.springframework.Security.web.authentication.rememberme.AbstractRememberMeServices
中找到)出现。我有一个自定义的“RememberService”类,它扩展了
TokenBasedMemberMeservices
(它反过来扩展了
AbstractRememberServices
),但我并没有更改类中的
tokenValiditySeconds
,我只是希望它能从我的安全配置中设置

除了
tokenValiditySeconds
,其他一切都正常工作。我专门为我的RESTAPI(而不是web表单)使用它

如何使我在Spring安全配置中指定的
tokenValiditySeconds
在我的MemberMemberService中应用?以下是我的
configure()
方法:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .headers()
            .frameOptions()
            .sameOrigin()
        .and()
            .authorizeRequests()
            .antMatchers("/rest/**").hasRole("ADMIN")
            .anyRequest().permitAll()
        .and()
            .csrf()
            .disable()
            .httpBasic()
        .and()
            .rememberMe()
            .key(KEY)
            .tokenValiditySeconds(1)
            .userDetailsService(springUserDetailsService)
            .rememberMeServices(new SpringRememberMeService(KEY, springUserDetailsService))
        .and()
            .logout().disable();
}
决定在my
SpringMemberService
类中指定
tokenValiditySeconds
,而不是在
Memberme()
configurer中,这样做很好。请注意,我正在覆盖
TokenBasedMemberMeservices
中的几个类,以满足我们的特定需求

package com.avada.rest.security;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;

import javax.servlet.http.HttpServletRequest;

public class SpringRememberMeService extends TokenBasedRememberMeServices {

    public static final int TOKEN_VALIDITY_SECONDS = 60 * 30; // 30 minutes

    public SpringRememberMeService(String key, UserDetailsService userDetailsService) {
        super(key, userDetailsService);
    }

    @Override
    protected String extractRememberMeCookie(HttpServletRequest request) {
        String rememberMe = request.getHeader("remember-me");
        int startIndex = "remember-me=".length();
        int endIndex = rememberMe.indexOf("; ", startIndex);
        return rememberMe.substring(startIndex, endIndex);
    }

    @Override
    protected int calculateLoginLifetime(HttpServletRequest request, Authentication authentication) {
        return TOKEN_VALIDITY_SECONDS;
    }
}