java – spring security – expiredUrl不工作
发布时间:2020-12-14 05:12:01 所属栏目:Java 来源:网络整理
导读:我需要在我的 Spring MVC应用程序中配置过期URL.这是我的努力,但没有效果: @Overrideprotected void configure(HttpSecurity http) throws Exception { http .addFilterBefore(adminAuthenticationFilter(),UsernamePasswordAuthenticationFilter.class) .a
我需要在我的
Spring MVC应用程序中配置过期URL.这是我的努力,但没有效果:
@Override protected void configure(HttpSecurity http) throws Exception { http .addFilterBefore(adminAuthenticationFilter(),UsernamePasswordAuthenticationFilter.class) .addFilterBefore(customerAuthenticationFilter(),UsernamePasswordAuthenticationFilter.class) .csrf() .disable() .authorizeRequests() .antMatchers("...","...","...").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/admin/login") .and() .logout() .addLogoutHandler(customLogoutHandler()) .logoutSuccessHandler(customLogoutSuccessHandler()) .logoutUrl("/logout") .deleteCookies("remove") .invalidateHttpSession(true) .permitAll() .and() .sessionManagement() .maximumSessions(1) .expiredUrl("/expired"); } 这没有任何效果,当用户的会话超时时,spring不会将他重定向到/过期的URL,并将其重定向到/ admin / login url. 更新: 我在评论和回答中尝试了建议的解决方案,但没有看到任何效果.另外我在方法开头删除了addLogoutHandler(),logoutSuccessHandler()和两个addFilterBefore(),但是不起作用. 我也尝试过这样一个解决方案: @Override protected void configure(HttpSecurity http) throws Exception { http .addFilterBefore(sessionManagementFilter(),SessionManagementFilter.class) .csrf() .disable() .authorizeRequests() .antMatchers("...","...").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/admin/login") .and() .logout() .logoutUrl("/logout") .deleteCookies("remove") .invalidateHttpSession(true) .permitAll(); } @Bean public SessionManagementFilter sessionManagementFilter() { SessionManagementFilter sessionManagementFilter = new SessionManagementFilter(httpSessionSecurityContextRepository()); sessionManagementFilter.setInvalidSessionStrategy(simpleRedirectInvalidSessionStrategy()); return sessionManagementFilter; } @Bean public SimpleRedirectInvalidSessionStrategy simpleRedirectInvalidSessionStrategy() { SimpleRedirectInvalidSessionStrategy simpleRedirectInvalidSessionStrategy = new SimpleRedirectInvalidSessionStrategy("/expired"); return simpleRedirectInvalidSessionStrategy; } @Bean public HttpSessionSecurityContextRepository httpSessionSecurityContextRepository(){ HttpSessionSecurityContextRepository httpSessionSecurityContextRepository = new HttpSessionSecurityContextRepository(); return httpSessionSecurityContextRepository; } 有人可以帮我解决这个问题吗? 解决方法
我以这种方式尝试了Ali Dehghani的解决方案(在评论中):
.sessionManagement().maximumSessions(1).and().invalidSessionUrl("/expired"); 正如The Coder所说,在允许的URL中添加“/ expired”,解决问题.感谢所有关注我的问题的人,特别是阿里·德哈吉尼(Ali Dehghani)和The Coder,他们的意见很有帮助. (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |