root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 31 Packages Projects Releases Wiki Activity

SEC-900: Added extra checks on expiry time

This commit is contained in:
Luke Taylor 2008-07-02 18:40:55 +00:00
parent d5df35f739
commit 479693ced7
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
core/src/test/java/org/springframework/security/ui/rememberme/TokenBasedRememberMeServicesTests.java
View File

@ -343,7 +343,7 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
public void testLoginSuccessNormalWithNonUserDetailsBasedPrincipal() { public void testLoginSuccessNormalWithNonUserDetailsBasedPrincipal() {
TokenBasedRememberMeServices services = new TokenBasedRememberMeServices(); TokenBasedRememberMeServices services = new TokenBasedRememberMeServices();
// SEC-822 // SEC-822
services.setTokenValiditySeconds(5000000); services.setTokenValiditySeconds(500000000);
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.setRequestURI("d"); request.setRequestURI("d");
request.addParameter(TokenBasedRememberMeServices.DEFAULT_PARAMETER, "true"); request.addParameter(TokenBasedRememberMeServices.DEFAULT_PARAMETER, "true");
@ -354,6 +354,10 @@ public class TokenBasedRememberMeServicesTests extends TestCase {
new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ABC")})); new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ABC")}));
Cookie cookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); Cookie cookie = response.getCookie(TokenBasedRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
String expiryTime = services.decodeCookie(cookie.getValue())[1];
long expectedExpiryTime = 1000L * 500000000;
expectedExpiryTime += System.currentTimeMillis();
assertTrue(Long.parseLong(expiryTime) > expectedExpiryTime - 10000);
assertNotNull(cookie); assertNotNull(cookie);
assertEquals(services.getTokenValiditySeconds(), cookie.getMaxAge()); assertEquals(services.getTokenValiditySeconds(), cookie.getMaxAge());
assertTrue(Base64.isArrayByteBase64(cookie.getValue().getBytes())); assertTrue(Base64.isArrayByteBase64(cookie.getValue().getBytes()));