Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-1081: Fix for PersistentTokenBasedRememberMeServices int overflow problem.

This commit is contained in:
Luke Taylor 2009-04-20 09:08:35 +00:00
parent 3b6d5316cc
commit 271fbb7ddf
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
web/src/main/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.java
View File

@ -92,7 +92,7 @@ public class PersistentTokenBasedRememberMeServices extends AbstractRememberMeSe
"Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack."));
}
if (token.getDate().getTime() + getTokenValiditySeconds()*1000 < System.currentTimeMillis()) {
if (token.getDate().getTime() + getTokenValiditySeconds()*1000L < System.currentTimeMillis()) {
throw new RememberMeAuthenticationException("Remember-me login has expired");
}

2
web/src/test/java/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServicesTests.java
View File

@ -30,6 +30,8 @@ public class PersistentTokenBasedRememberMeServicesTests {
public void setUpData() throws Exception {
services = new PersistentTokenBasedRememberMeServices();
services.setCookieName("mycookiename");
// Default to 100 days (see SEC-1081).
services.setTokenValiditySeconds(100*24*60*60);
services.setUserDetailsService(
new AbstractRememberMeServicesTests.MockUserDetailsService(AbstractRememberMeServicesTests.joe, false));
}