java – spring security – expiredUrl不工作
发布时间:2020-12-14 05:12:01 所属栏目:Java 来源:网络整理
导读:我需要在我的 Spring MVC应用程序中配置过期URL.这是我的努力,但没有效果: @Overrideprotected void configure(HttpSecurity http) throws Exception { http .addFilterBefore(adminAuthenticationFilter(),UsernamePasswordAuthenticationFilter.class) .a
|
我需要在我的
Spring MVC应用程序中配置过期URL.这是我的努力,但没有效果:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.addFilterBefore(adminAuthenticationFilter(),UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(customerAuthenticationFilter(),UsernamePasswordAuthenticationFilter.class)
.csrf()
.disable()
.authorizeRequests()
.antMatchers("...","...","...").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/admin/login")
.and()
.logout()
.addLogoutHandler(customLogoutHandler())
.logoutSuccessHandler(customLogoutSuccessHandler())
.logoutUrl("/logout")
.deleteCookies("remove")
.invalidateHttpSession(true)
.permitAll()
.and()
.sessionManagement()
.maximumSessions(1)
.expiredUrl("/expired");
}
这没有任何效果,当用户的会话超时时,spring不会将他重定向到/过期的URL,并将其重定向到/ admin / login url. 更新: 我在评论和回答中尝试了建议的解决方案,但没有看到任何效果.另外我在方法开头删除了addLogoutHandler(),logoutSuccessHandler()和两个addFilterBefore(),但是不起作用. 我也尝试过这样一个解决方案: @Override
protected void configure(HttpSecurity http) throws Exception {
http
.addFilterBefore(sessionManagementFilter(),SessionManagementFilter.class)
.csrf()
.disable()
.authorizeRequests()
.antMatchers("...","...").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/admin/login")
.and()
.logout()
.logoutUrl("/logout")
.deleteCookies("remove")
.invalidateHttpSession(true)
.permitAll();
}
@Bean
public SessionManagementFilter sessionManagementFilter() {
SessionManagementFilter sessionManagementFilter = new SessionManagementFilter(httpSessionSecurityContextRepository());
sessionManagementFilter.setInvalidSessionStrategy(simpleRedirectInvalidSessionStrategy());
return sessionManagementFilter;
}
@Bean
public SimpleRedirectInvalidSessionStrategy simpleRedirectInvalidSessionStrategy() {
SimpleRedirectInvalidSessionStrategy simpleRedirectInvalidSessionStrategy = new SimpleRedirectInvalidSessionStrategy("/expired");
return simpleRedirectInvalidSessionStrategy;
}
@Bean
public HttpSessionSecurityContextRepository httpSessionSecurityContextRepository(){
HttpSessionSecurityContextRepository httpSessionSecurityContextRepository = new HttpSessionSecurityContextRepository();
return httpSessionSecurityContextRepository;
}
有人可以帮我解决这个问题吗? 解决方法
我以这种方式尝试了Ali Dehghani的解决方案(在评论中):
.sessionManagement().maximumSessions(1).and().invalidSessionUrl("/expired");
正如The Coder所说,在允许的URL中添加“/ expired”,解决问题.感谢所有关注我的问题的人,特别是阿里·德哈吉尼(Ali Dehghani)和The Coder,他们的意见很有帮助. (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |