10 年之前 · 4d738d8576
--- a/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java
+++ b/core/src/main/java/org/springframework/security/core/token/KeyBasedPersistenceTokenService.java
@@ -53,7 +53,7 @@ import org.springframework.util.StringUtils;
 
															  *
														
 
															  */
														
 
															 public class KeyBasedPersistenceTokenService implements TokenService, InitializingBean {
														
 
															-    private int pseudoRandomNumberBytes = 256;
														
 
															+    private int pseudoRandomNumberBytes = 32;
														
 
															     private String serverSecret;
														
 
															     private Integer serverInteger;
														
 
															     private SecureRandom secureRandom;
														
@@ -134,21 +134,7 @@ public class KeyBasedPersistenceTokenService implements TokenService, Initializi
 
															     }
														
 
															     /**
														
 
															-     * This method actually sets the number of bytes despite the method name
														
 
															-     * indicating it is the number of bits.
														
 
															-     *
														
 
															-     * @deprecated use {@link #setPseudoRandomNumberBytes(int)}
														
 
															-     * @param pseudoRandomNumberBytes
														
 
															-     *            changes the number of bytes issued (must be >= 0; defaults to
														
 
															-     *            256)
														
 
															-     */
														
 
															-    public void setPseudoRandomNumberBits(int pseudoRandomNumberBytes) {
														
 
															-        Assert.isTrue(pseudoRandomNumberBytes >= 0, "Must have a positive pseudo random number bit size");
														
 
															-        this.pseudoRandomNumberBytes = pseudoRandomNumberBytes;
														
 
															-    }
														
 
															-
														
 
															-    /**
														
 
															-     * @param pseudoRandomNumberBytes changes the number of bytes issued (must be >= 0; defaults to 256 for passivity reasons)
														
 
															+     * @param pseudoRandomNumberBytes changes the number of bytes issued (must be >= 0; defaults to 256)
														
 
															      */
														
 
															     public void setPseudoRandomNumberBytes(int pseudoRandomNumberBytes) {
														
 
															         Assert.isTrue(pseudoRandomNumberBytes >= 0, "Must have a positive pseudo random number bit size");
														
--- a/core/src/test/java/org/springframework/security/core/token/KeyBasedPersistenceTokenServiceTests.java
+++ b/core/src/test/java/org/springframework/security/core/token/KeyBasedPersistenceTokenServiceTests.java
@@ -56,7 +56,7 @@ public class KeyBasedPersistenceTokenServiceTests {
 
															     @Test
														
 
															     public void testOperationWithEmptyRandomNumber() {
														
 
															         KeyBasedPersistenceTokenService service = getService();
														
 
															-        service.setPseudoRandomNumberBits(0);
														
 
															+        service.setPseudoRandomNumberBytes(0);
														
 
															         Token token = service.allocateToken("Hello:world:::");
														
 
															         Token result = service.verifyToken(token.getKey());
														
 
															         Assert.assertEquals(token, result);