Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

SEC-485: Added calculateLoginLifetime method.

Luke Taylor 18 years ago
parent
b681952933
commit
81067840ef
1 changed files with 26 additions and 4 deletions
Split View Show Diff Stats
  1. 26 4
      core/src/main/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServices.java

+ 26 - 4
core/src/main/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServices.java
View File 

@@ -158,12 +158,13 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 
 			return;
 
 		}
 
 
-		long expiryTime = System.currentTimeMillis() + getTokenValiditySeconds() * 1000;
 
+		int tokenLifetime = calculateLoginLifetime(request, successfulAuthentication);
 
+        long expiryTime = System.currentTimeMillis() + 1000*tokenLifetime;
 
 
-		String signatureValue = makeTokenSignature(expiryTime, username, password);
 
+        String signatureValue = makeTokenSignature(expiryTime, username, password);
 
         String cookieValue = encodeCookie(new String[] {username, Long.toString(expiryTime), signatureValue});
 
 
-		response.addCookie(makeValidCookie(cookieValue, request, getTokenValiditySeconds()));
 
+        response.addCookie(makeValidCookie(cookieValue, request, tokenLifetime));
 
 
 		if (logger.isDebugEnabled()) {
 
 			logger.debug("Added remember-me cookie for user '" + username + "', expiry: '"
 
@@ -171,7 +172,28 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 
 		}
 
 	}
 
 
-	protected String retrieveUserName(Authentication authentication) {
 
+    /**
 
+     * Calculates the validity period in seconds for a newly generated remember-me login.
 
+     * After this period (from the current time) the remember-me login will be considered expired.
 
+     * This method allows customization based on request parameters supplied with the login or information in
 
+     * the <tt>Authentication</tt> object. The default value is just the token validity period property,
 
+     * <tt>tokenValiditySeconds</tt>.
 
+     * <p>
 
+     * The returned value will be used to work out the expiry time of the token and will also be
 
+     * used to set the <tt>maxAge</tt> property of the cookie.
 
+     * </p>
 
+     *
 
+     * See SEC-485.
 
+     *
 
+     * @param request the request passed to onLoginSuccess
 
+     * @param authentication the successful authentication object.
 
+     * @return the lifetime in seconds.
 
+     */
 
+    protected int calculateLoginLifetime(HttpServletRequest request, Authentication authentication) {
 
+        return getTokenValiditySeconds();
 
+    }
 
+
 
+    protected String retrieveUserName(Authentication authentication) {
 
 		if (isInstanceOfUserDetails(authentication)) {
 
 			return ((UserDetails) authentication.getPrincipal()).getUsername();
 
 		}