1. 首頁
  2. 問答
  3. Tomcat Spring Security - 設置會話cookie過期時間

Tomcat Spring Security - 設置會話cookie過期時間

2014-10-02 143 views
0

我正在構建一個基於嵌入式Tomcat-7.0.55,Spring-Boot-1.1.6,Spring-webmvc/core-4.0.7和Spring-Security - 3.2.5。Tomcat Spring Security - 設置會話cookie過期時間

我的配置是這樣的:

@Configuration 
public class ServletCtxConfig { 

    @Bean 
    @Profile({ Profiles.PRODUCTION, Profiles.QA, Profiles.DEV }) 
    EmbeddedServletContainerFactory servletContainerFactory() { 
     TomcatEmbeddedServletContainerFactory retVal = new TomcatEmbeddedServletContainerFactory(); 
     retVal.setContextPath("contextPath"); 
     retVal.setTomcatContextCustomizers(Arrays.asList(contextCustomizer())); 
     retVal.setPort(111); 
     Connector httpConnector = new Connector("org.apache.coyote.http11.Http11NioProtocol"); 
     httpConnector.setPort(123); 
     httpConnector.setRedirectPort(456); 
     retVal.addAdditionalTomcatConnectors(httpConnector); 

     return retVal; 
    } 

    @Bean 
    CustomCustomizer contextCustomizer() { 
     return new CustomCustomizer(); 
    } 

} 

class CustomCustomizer implements TomcatContextCustomizer { 

    @Value("${session.timeout:10080}") 
    Integer sessionTimeOut; 

    @Override 
    public void customize(Context context) { 
     context.setSessionCookieName("comilion-fw"); 
     context.setSessionTimeout(sessionTimeOut); 
     context.setUseHttpOnly(false); 
    } 
}

我能夠設置會話到期時間,但不會反映在cookie過期時間在瀏覽器上。 有人可以指導我如何設置cookie過期時間嗎?

來源

2014-10-02 Modi

+0

請您向我們展示您的會話管理配置,以便我們確定其中是否有錯誤? – Aeseir 2014-10-03 03:17:45

+0

將我的配置添加到問題 – Modi 2014-10-03 03:35:43

回答

2

嘗試在一個Web應用程序初始化階段訪問servlet上下文和這樣設置值:

servletContext.getSessionCookieConfig().setMaxAge(600);

看一看WebApplicationInitializerSpringServletContainerInitializer

如果你還莫名其妙地運行的Web應用程序中使用這裏的web.xml你去jsessionid-cookie-with-expiration-date-in-tomcat

來源

2014-10-02 13:08:29

+1

感謝您的回答,但我正在尋找來自Spring-Security框架的解決方案(由於此類更改可能會更改框架行爲) – Modi 2014-10-03 06:17:11

0

心中已經最終完成的是什麼,是定製EmbeddedServletContainerFactory如下:

@Bean 
    EmbeddedServletContainerFactory servletContainerFactory() { 
    logger.debug("Raising Embedded servlet container with port: ", port, " and context path: ", contextPath); 
    TomcatEmbeddedServletContainerFactory retVal = new TomcatEmbeddedServletContainerFactory() { 
     @Override 
     protected void postProcessContext(Context context) { 
      SecurityConstraint securityConstraint = new SecurityConstraint(); 
      securityConstraint.setUserConstraint("CONFIDENTIAL"); 
      SecurityCollection collection = new SecurityCollection(); 
      collection.addPattern("/*"); 
      securityConstraint.addCollection(collection); 
      context.addConstraint(securityConstraint); 
     } 
    }; 
    retVal.setContextPath(contextPath); 
    retVal.setTomcatContextCustomizers(Arrays.asList(contextCustomizer())); 
    retVal.addAdditionalTomcatConnectors(this.createConnection()); 
    return retVal; 
} 

@Bean 
CustomCustomizer contextCustomizer() { 
    return new CustomCustomizer(); 
} 

class CustomCustomizer implements TomcatContextCustomizer { 

    @Value(Properties.$_SESSION_TIMEOUT) 
    Integer sessionTimeOut; 

    @Override 
    public void customize(Context context) { 
     context.setSessionCookieName("XXX"); 
     context.setSessionTimeout(sessionTimeOut); 
} 
}

來源

2016-02-16 13:35:41 Modi

相關問題

 相關問題