I have tokenValiditySeconds set in the Config.groovy as
grails.plugins.springsecurity.rememberMe.tokenValiditySeconds=31*24*60*60
However, I want to set a different validity for all requests that come from, say, a sub-domain. I can identify domain info from the request object, but I am not able to override the tokenValiditySeconds from the CustomRememberMeService class.
By default the tokens will be valid for 14 days from the last successful authentication attempt. This can be changed using AbstractRememberMeServices.setTokenValiditySeconds(int). If this value is less than zero, the expiryTime will remain at 14 days, but the negative value will be used for the maxAge property of the cookie, meaning that it will not be stored when the browser is closed.
As per the documentation, I should be able to change the validity by using the setTokenValiditySeconds(int) method, but it does not have any effect.
So how to override the value set in the config file?
Thanks.
Edit:
class CustomRememberMeService extends TokenBasedRememberMeServices {
    def springSecurityService;

    public final LoggedInUserDetails customAutoLogin(HttpServletRequest request, HttpServletResponse response) {
        def cookies = request.getCookies();
        if (!cookies) return null;
        String rememberMeCookie = extractRememberMeCookie(request);
        for (int i = 0; i < cookies.length; i++) {
            Cookie c = cookies[i];
            if (c.getName().equals('remember_me') && rememberMeCookie == null) {
                rememberMeCookie = c.getValue();
            }
        }
        if (rememberMeCookie == null) return null
        logger.debug("rememberMeCookie is : ${rememberMeCookie}");
        if (rememberMeCookie.length() == 0) {
            cancelCookie(request, response);
            return null;
        }
        String[] cookieTokens = decodeCookie(rememberMeCookie);
        String username = cookieTokens[0];
        def loginContext = request.getParameter('loginContext')
        loginContext = (loginContext == null) ? "mainWeb" : loginContext
        setTokenValiditySeconds(60) // not working
        LoggedInUserDetails user = getUserDetailsService().loadUserByUsername("${username}#${request.getServerName().trim()}#${loginContext}")
        springSecurityService.reauthenticate("${username}#${request.getServerName().trim()}#${loginContext}")
    }
}
The resource.groovy file looks like:
//..
customRememberMeService(com.rwi.springsecurity.services.CustomRememberMeService) {
    userDetailsService = ref('userDetailsService')
    springSecurityService = ref('springSecurityService')
    key = "${grailsApplication.config.grails.plugins.springsecurity.rememberMe.key}"
}
customRememberMeServicesFilter(CustomRememberMeServicesFilter) {
    authenticationManager = ref('authenticationManager')
    rememberMeServices = ref('rememberMeServices')
    customRememberMeService = ref('customRememberMeService')
}
//..
CustomRememberMeService.groovy
// ..
class CustomRememberMeServicesFilter extends RememberMeAuthenticationFilter {
    def customRememberMeService;

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            LoggedInUserDetails rememberMeAuth = customRememberMeService.customAutoLogin(request, response);
        }
        chain.doFilter(request, response);
    }
}
Upvotes: 0
Views: 1318
Reputation: 124461
Override the method calculateLoginLifetime; by default this will return the value as set in the configuration (it calls getTokenValiditySeconds()). By overriding this you can determine (based on the request) if the normal timeout should be passed or a custom one.
protected int calculateLoginLifetime(HttpServletRequest request, Authentication authentication) {
    if (request.getRemoteAddr().startsWith("subdomain")) {
        return 15; // Or whatever you want, you could also make it configurable.
    }
    return getTokenValiditySeconds();
}
Upvotes: 1
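An added example (not code from the question or the answer) of the override described above, written as a complete Groovy subclass. It matches on request.getServerName(), as the question's code does, because getRemoteAddr() returns the client's IP address rather than a host name. The class name HostAwareRememberMeServices, the lifetimeByHost property and the host sub.example.com are assumptions; since the server name is taken from the client-supplied Host header, the map is treated as an exact-match allowlist that can only shorten the configured lifetime.

```groovy
import javax.servlet.http.HttpServletRequest
import org.springframework.security.core.Authentication
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices

// Hypothetical class name; wire it in the Spring bean definitions the way the
// question wires CustomRememberMeService, adding for example
//   lifetimeByHost = ['sub.example.com': 3600]   (constructed sample host and value)
class HostAwareRememberMeServices extends TokenBasedRememberMeServices {

    // Assumed property: exact host name (lower case) -> remember-me lifetime in seconds.
    Map<String, Integer> lifetimeByHost = [:]

    // Called by onLoginSuccess() when the cookie is issued. The returned lifetime
    // determines the expiry written into the signed token and the cookie's maxAge.
    @Override
    protected int calculateLoginLifetime(HttpServletRequest request, Authentication authentication) {
        int configured = getTokenValiditySeconds()   // value from Config.groovy
        String host = request.getServerName()?.trim()?.toLowerCase()
        Integer custom = (host == null) ? null : lifetimeByHost[host]

        // Unknown host or unusable entry: fall back to the configured lifetime.
        if (custom == null || custom <= 0) {
            return configured
        }
        // Never return more than the configured lifetime, so a forged Host header
        // cannot be used to obtain a longer-lived token. A negative configured value
        // (session-only cookie) is also preserved by Math.min.
        return Math.min(custom, configured)
    }
}
```

Calling setTokenValiditySeconds() per request instead would change the shared singleton bean for every user, and it does not alter a cookie that has already been issued.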