SpringSecurity 重写cookie
时间: 2023-07-25 11:11:27 浏览: 56
可以通过实现`CookieSerializer`接口来重写Spring Security中的cookie。具体步骤如下:
1. 创建一个类并实现`CookieSerializer`接口。
2. 在实现的`serializeCookie()`方法中,可以自定义cookie的name、value、domain、path、max-age等属性。
3. 在Spring Security配置中使用`cookieSerializer()`方法来指定自定义的`CookieSerializer`实现类。
下面是一个简单的示例代码,供您参考:
```java
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public CookieSerializer cookieSerializer() {
return new MyCookieSerializer();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.logout()
.logoutSuccessUrl("/")
.and()
.rememberMe()
.key("remember-me-key")
.rememberMeCookieName("my-remember-me-cookie")
.rememberMeCookieDomain("example.com")
.rememberMeCookiePath("/my-app")
.tokenValiditySeconds(86400);
}
}
public class MyCookieSerializer implements CookieSerializer {
private final DefaultCookieSerializer delegate = new DefaultCookieSerializer();
@Override
public String readCookieValue(HttpServletRequest request, HttpServletResponse response) {
return delegate.readCookieValue(request, response);
}
@Override
public void writeCookieValue(CookieValue cookieValue) {
delegate.writeCookieValue(cookieValue);
}
@Override
public void setDomainName(String domainName) {
delegate.setDomainName(domainName);
}
@Override
public void setCookieName(String cookieName) {
delegate.setCookieName(cookieName);
}
@Override
public void setCookiePath(String cookiePath) {
delegate.setCookiePath(cookiePath);
}
@Override
public void setCookieMaxAge(Integer cookieMaxAge) {
delegate.setCookieMaxAge(cookieMaxAge);
}
@Override
public void setUseSecureCookie(boolean useSecureCookie) {
delegate.setUseSecureCookie(useSecureCookie);
}
@Override
public void setUseHttpOnlyCookie(boolean useHttpOnlyCookie) {
delegate.setUseHttpOnlyCookie(useHttpOnlyCookie);
}
}
```