SEC-822: Converted to long arithmetic to prevent integer overflowing with long token validity periods

Luke Taylor 2008-05-08 15:07:40 +00:00
parent 301d021bf5
commit 883b92e7bd
2 changed files with 3 additions and 1 deletions


@ -152,7 +152,7 @@ public class TokenBasedRememberMeServices extends AbstractRememberMeServices {
}
int tokenLifetime = calculateLoginLifetime(request, successfulAuthentication);
long expiryTime = System.currentTimeMillis() + 1000*tokenLifetime;
long expiryTime = System.currentTimeMillis() + 1000L*tokenLifetime;
String signatureValue = makeTokenSignature(expiryTime, username, password);
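Review bot: The new `1000L*tokenLifetime` line carries no comment saying why the literal is a long, so a later cleanup could drop the suffix and bring the overflow back; I would add `// 1000L forces long arithmetic: int multiplication overflows once the lifetime exceeds about 24.8 days (SEC-822)` above it. The result is passed to `makeTokenSignature`, so a wrong expiry ends up in the signed token. Nothing in the visible lines checks that `calculateLoginLifetime` returned a positive number; if it can return a negative value the expiry lands in the past, which is worth confirming in that method. The enclosing method starts and ends outside this hunk.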


@ -342,6 +342,8 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
public void testLoginSuccessNormalWithNonUserDetailsBasedPrincipal() {
TokenBasedRememberMeServices services = new TokenBasedRememberMeServices();
// SEC-822
services.setTokenValiditySeconds(5000000);
MockHttpServletRequest request = new MockHttpServletRequest();
request.setRequestURI("d");
request.addParameter(TokenBasedRememberMeServices.DEFAULT_PARAMETER, "true");
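Review bot: The added `setTokenValiditySeconds(5000000)` would not by itself expose the old overflow, because `1000*5000000` in int arithmetic wraps to 705032704, a positive value of roughly eight days, so a check that the token is merely unexpired passes with or without the fix. The assertions of this test are outside the hunk, so this may already be covered; if not, assert on the expiry value itself, or use a lifetime whose int product wraps negative, for example `services.setTokenValiditySeconds(3000000);`. The `// SEC-822` comment could also say what is being guarded, e.g. `// SEC-822: lifetime large enough that 1000*seconds overflows int`.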