发表新帖
发表新帖

Changing password using Spring security

后端 未结
关注
2 1446
心在旅途
心在旅途 2020-12-20 06:47

I use,

  • Spring Framework 4.0.0 RELEASE (GA)
  • Spring Security 3.2.0 RELEASE (GA)
  • Struts 2.3.16

in which I use,

o
2条回答
  • 不思量自难忘°
    不思量自难忘° (楼主)
    2020-12-20 07:06

    A method to change the password is a good solution, as there is no special functionality for this in spring security.

    The reason why no special functionality exists for this in spring security, is that it's not needed if using a session.

    The user's current session identified by the JSESSIONID cookie is still residing in the user's browser and will still be a valid session after the password change.

    When the old password was checked the last time the user logged in, a cookie was generated and kept in a map of valid cookies in memory.

    The temporary authentication token (the cookie) is still valid and has a max. lifetime, and changing the password on the database will not impact the current session validity.

    0 讨论(0)
 看不清?
提交回复
热议问题