Java Spring Security 4.0.3 remember-me tokenValiditySeconds not working
I specified tokenValiditySeconds as 1 in my Spring Security configuration, but I keep seeing the default value of 1209600 (found in org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices) come up. I have a custom "RememberMeService" class that extends TokenBasedRememberMeServices (which in turn extends AbstractRememberMeServices), but I am not changing tokenValiditySeconds in the class; I just expect it to be set from my security configuration.

Everything else works fine except for tokenValiditySeconds. I am using this specifically for my REST API (not web forms).

How do I make the tokenValiditySeconds I specify in my Spring Security configuration apply in my RememberMeService? Here is my configure() method:
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .headers()
            .frameOptions()
            .sameOrigin()
            .and()
        .authorizeRequests()
            .antMatchers("/rest/**").hasRole("ADMIN")
            .anyRequest().permitAll()
            .and()
        .csrf()
            .disable()
        .httpBasic()
            .and()
        .rememberMe()
            .key(KEY)
            .tokenValiditySeconds(1)
            .userDetailsService(springUserDetailsService)
            .rememberMeServices(new SpringRememberMeService(KEY, springUserDetailsService))
            .and()
        .logout().disable();
}
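I decided to specify tokenValiditySeconds in my SpringRememberMeService class instead of in the rememberMe() configurer, and that works fine. Note that I am overriding a few classes in TokenBasedRememberMeServices to suit our specific needs.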
package com.avada.rest.security;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;

import javax.servlet.http.HttpServletRequest;

public class SpringRememberMeService extends TokenBasedRememberMeServices {

    public static final int TOKEN_VALIDITY_SECONDS = 60 * 30; // 30 minutes

    public SpringRememberMeService(String key, UserDetailsService userDetailsService) {
        super(key, userDetailsService);
    }

    // Reads the token from a "remember-me" request header of the form
    // "remember-me=<token>; ..." instead of from a cookie.
    @Override
    protected String extractRememberMeCookie(HttpServletRequest request) {
        String rememberMe = request.getHeader("remember-me");
        int startIndex = "remember-me=".length();
        if (rememberMe == null || rememberMe.length() <= startIndex) {
            return null; // no token sent: no remember-me auto-login
        }
        int endIndex = rememberMe.indexOf("; ", startIndex);
        if (endIndex < 0) {
            endIndex = rememberMe.length(); // token is the last attribute
        }
        return rememberMe.substring(startIndex, endIndex);
    }

    // Fixed lifetime used when the token is issued at login.
    @Override
    protected int calculateLoginLifetime(HttpServletRequest request, Authentication authentication) {
        return TOKEN_VALIDITY_SECONDS;
    }
}
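
Added example, not part of the original answer and not Spring Security's code: a simplified model of the token scheme described in the TokenBasedRememberMeServices Javadoc. It shows that the lifetime returned by calculateLoginLifetime() becomes a signed expiry timestamp inside the token, which is what limits a token that arrives in a request header. The class name, credentials, key and clock values are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Simplified model (assumption: follows the scheme in the TokenBasedRememberMeServices Javadoc):
// token = base64(username:expiryMillis:md5Hex(username:expiryMillis:password:key))
public class RememberMeTokenModel { // hypothetical class, all sample values constructed
    static String signature(String user, long expiry, String password, String key) throws Exception {
        String data = user + ":" + expiry + ":" + password + ":" + key;
        byte[] md5 = MessageDigest.getInstance("MD5").digest(data.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : md5) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    static String encode(String user, long expiry, String sig) {
        byte[] raw = (user + ":" + expiry + ":" + sig).getBytes(StandardCharsets.UTF_8);
        return Base64.getEncoder().withoutPadding().encodeToString(raw);
    }

    // Login: lifetimeSeconds plays the role of calculateLoginLifetime()'s return value.
    static String issue(String user, String password, String key, long nowMillis, int lifetimeSeconds)
            throws Exception {
        long expiry = nowMillis + 1000L * lifetimeSeconds;
        return encode(user, expiry, signature(user, expiry, password, key));
    }

    // Auto-login: check the embedded expiry, then recompute and compare the signature.
    static boolean accept(String token, String password, String key, long nowMillis) throws Exception {
        String[] p = new String(Base64.getDecoder().decode(token), StandardCharsets.UTF_8).split(":");
        if (p.length != 3 || !p[1].matches("\\d{1,18}")) return false; // malformed token
        long expiry = Long.parseLong(p[1]);
        if (expiry < nowMillis) return false; // lifetime is over
        byte[] expected = signature(p[0], expiry, password, key).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, p[2].getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        long t0 = 1_700_000_000_000L, minute = 60_000L; // constructed clock
        String pw = "stored-password-hash", key = "KEY";
        String token = issue("admin", pw, key, t0, 60 * 30);
        System.out.println("at 29 min: " + accept(token, pw, key, t0 + 29 * minute));
        System.out.println("at 31 min: " + accept(token, pw, key, t0 + 31 * minute));
        // Reuse the signature with the expiry pushed one day ahead; accept() recomputes it.
        String sig = signature("admin", t0 + 1000L * 60 * 30, pw, key);
        String altered = encode("admin", t0 + 1000L * 60 * 30 + 1440 * minute, sig);
        System.out.println("altered expiry: " + accept(altered, pw, key, t0 + 31 * minute));
    }
}
```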