mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-16 00:52:12 +00:00
SEC-2791: AbstractRememberMeServices sets the version
If maxAge < 1, the version must be 1; otherwise browsers ignore the value.
parent
478a9650aa
commit
74f8534b17
@ -349,6 +349,10 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
|
|||||||
cookie.setMaxAge(maxAge);
|
cookie.setMaxAge(maxAge);
|
||||||
cookie.setPath(getCookiePath(request));
|
cookie.setPath(getCookiePath(request));
|
||||||
|
|
||||||
|
if(maxAge < 1) {
|
||||||
|
cookie.setVersion(1);
|
||||||
|
}
|
||||||
|
|
||||||
if (useSecureCookie == null) {
|
if (useSecureCookie == null) {
|
||||||
cookie.setSecure(request.isSecure());
|
cookie.setSecure(request.isSecure());
|
||||||
} else {
|
} else {
|
||||||
|
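Review bot: The new `if(maxAge < 1)` branch has no comment explaining why the cookie version depends on the lifetime, and the reason cannot be worked out from the code alone. A one-line why-comment above it would do, e.g. `// SEC-2791: with maxAge < 1 the cookie must be Version 1, otherwise browsers ignore the value`. A version change may alter how the container serializes the Set-Cookie header (this is an assumption, since the serialization is not visible here), so it is worth confirming that the Secure flag set just below and the HttpOnly handling still reach the emitted header on this path. The condition is also written `if(` while the neighbouring `if (useSecureCookie == null)` has a space. The enclosing method starts and ends outside the hunk.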
@ -1,5 +1,6 @@
|
|||||||
package org.springframework.security.web.authentication.rememberme;
|
package org.springframework.security.web.authentication.rememberme;
|
||||||
|
|
||||||
|
import static org.fest.assertions.Assertions.*;
|
||||||
import static org.powermock.api.mockito.PowerMockito.*;
|
import static org.powermock.api.mockito.PowerMockito.*;
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
import static org.junit.Assert.assertFalse;
|
import static org.junit.Assert.assertFalse;
|
||||||
@ -352,6 +353,45 @@ public class AbstractRememberMeServicesTests {
|
|||||||
assertNull(ReflectionTestUtils.getField(services, "setHttpOnlyMethod"));
|
assertNull(ReflectionTestUtils.getField(services, "setHttpOnlyMethod"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SEC-2791
|
||||||
|
@Test
|
||||||
|
public void setCookieMaxAge0VersionSet() {
|
||||||
|
MockRememberMeServices services = new MockRememberMeServices();
|
||||||
|
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||||
|
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||||
|
|
||||||
|
services.setCookie(new String[] {"value"}, 0, request, response);
|
||||||
|
|
||||||
|
Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
|
||||||
|
assertThat(cookie.getVersion()).isEqualTo(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
// SEC-2791
|
||||||
|
@Test
|
||||||
|
public void setCookieMaxAgeNegativeVersionSet() {
|
||||||
|
MockRememberMeServices services = new MockRememberMeServices();
|
||||||
|
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||||
|
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||||
|
|
||||||
|
services.setCookie(new String[] {"value"}, -1, request, response);
|
||||||
|
|
||||||
|
Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
|
||||||
|
assertThat(cookie.getVersion()).isEqualTo(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
// SEC-2791
|
||||||
|
@Test
|
||||||
|
public void setCookieMaxAge1VersionSet() {
|
||||||
|
MockRememberMeServices services = new MockRememberMeServices();
|
||||||
|
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||||
|
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||||
|
|
||||||
|
services.setCookie(new String[] {"value"}, 1, request, response);
|
||||||
|
|
||||||
|
Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
|
||||||
|
assertThat(cookie.getVersion()).isEqualTo(0);
|
||||||
|
}
|
||||||
|
|
||||||
private Cookie[] createLoginCookie(String cookieToken) {
|
private Cookie[] createLoginCookie(String cookieToken) {
|
||||||
MockRememberMeServices services = new MockRememberMeServices();
|
MockRememberMeServices services = new MockRememberMeServices();
|
||||||
Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
|
Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
|
||||||
|
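Review bot: `setCookieMaxAge1VersionSet` asserts `isEqualTo(0)`, i.e. that the version is left at its default, so the name says the opposite of what is checked; something like `setCookieMaxAge1VersionNotSet` would match. All three tests dereference the result of `response.getCookie(...)` directly, so a missing cookie would fail with a NullPointerException rather than an assertion; adding `assertThat(cookie).isNotNull();` before the version check would make that failure readable. None of the tests checks the max-age that ends up on the cookie, so they would still pass if the lifetime were dropped while the version was set.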