před 18 roky · 81067840ef
--- a/core/src/main/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServices.java
+++ b/core/src/main/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServices.java
@@ -158,12 +158,13 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 
				 			return;
			
 
				 		}
			
 
				 
			
 
				-		long expiryTime = System.currentTimeMillis() + getTokenValiditySeconds() * 1000;
			
 
				+		int tokenLifetime = calculateLoginLifetime(request, successfulAuthentication);
			
 
				+        long expiryTime = System.currentTimeMillis() + 1000*tokenLifetime;
			
 
				 
			
 
				-		String signatureValue = makeTokenSignature(expiryTime, username, password);
			
 
				+        String signatureValue = makeTokenSignature(expiryTime, username, password);
			
 
				         String cookieValue = encodeCookie(new String[] {username, Long.toString(expiryTime), signatureValue});
			
 
				 
			
 
				-		response.addCookie(makeValidCookie(cookieValue, request, getTokenValiditySeconds()));
			
 
				+        response.addCookie(makeValidCookie(cookieValue, request, tokenLifetime));
			
 
				 
			
 
				 		if (logger.isDebugEnabled()) {
			
 
				 			logger.debug("Added remember-me cookie for user '" + username + "', expiry: '"
			
@@ -171,7 +172,28 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
 
				 		}
			
 
				 	}
			
 
				 
			
 
				-	protected String retrieveUserName(Authentication authentication) {
			
 
				+    /**
			
 
				+     * Calculates the validity period in seconds for a newly generated remember-me login.
			
 
				+     * After this period (from the current time) the remember-me login will be considered expired.
			
 
				+     * This method allows customization based on request parameters supplied with the login or information in
			
 
				+     * the <tt>Authentication</tt> object. The default value is just the token validity period property,
			
 
				+     * <tt>tokenValiditySeconds</tt>.
			
 
				+     * <p>
			
 
				+     * The returned value will be used to work out the expiry time of the token and will also be
			
 
				+     * used to set the <tt>maxAge</tt> property of the cookie.
			
 
				+     * </p>
			
 
				+     *
			
 
				+     * See SEC-485.
			
 
				+     *
			
 
				+     * @param request the request passed to onLoginSuccess
			
 
				+     * @param authentication the successful authentication object.
			
 
				+     * @return the lifetime in seconds.
			
 
				+     */
			
 
				+    protected int calculateLoginLifetime(HttpServletRequest request, Authentication authentication) {
			
 
				+        return getTokenValiditySeconds();
			
 
				+    }
			
 
				+
			
 
				+    protected String retrieveUserName(Authentication authentication) {
			
 
				 		if (isInstanceOfUserDetails(authentication)) {
			
 
				 			return ((UserDetails) authentication.getPrincipal()).getUsername();
			
 
				 		}