Redirect user to login page on timeout Spring Security
I am using Spring Core version 4.1.6 and Spring Security 4.0.1.
I want to redirect user to login page on timeout.
So far after some research, I implemented ApplicationListener<HttpSessionDestroyedEvent> and I can now successfully intercept timeouts and logouts.
I have HttpSessionDestroyedEvent object in onApplicationEvent function. This object doesn't seem to have any method from where I can redirect user or return login model object. My question is how can I redirect user to login page?
I have seen this url but it doesn't intercept timeouts. My question is more focused towards timeouts.
There are several approaches for this. First, you can use Spring Security auto-config in your applicationContext.xml: by setting login-page, it will automatically redirect not logged-in users reaching secured routes (like /userReged/**) to that certain login-page:
    <security:http auto-config="true">
        <!-- Spring Security 4 evaluates access as a SpEL expression by default -->
        <security:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
        <security:intercept-url pattern="/userReged/**" access="hasRole('ROLE_USER')"/>
        <!-- unauthenticated requests to the secured routes above are sent to login-page -->
        <security:form-login
            login-page="/"
            default-target-url="/somePage"
            authentication-failure-url="/user/logfailed?error"
            username-parameter="userName"
            password-parameter="userPassword" />
        <security:logout
            logout-success-url="/?logout"/>
    </security:http>
One other way is to check manually in your controller, in a specific route, whether the user is logged in:
    @RequestMapping("/somePage")
    public String getSomePage(Model model, HttpServletRequest request) {
        Principal principal = request.getUserPrincipal();
        if (principal != null) {
            User activeUser = userService.getUserByPhone(principal.getName());
            // ...
        } else { // user is not authenticated
            System.out.println("user is not authenticated to proceed the somePage!!!!!!!");
            return "redirect:/";
        }
    }
In order to set the timeout for Spring Security you can put this in your web.xml:
    <session-config>
        <!-- value is in minutes -->
        <session-timeout>1440</session-timeout>
    </session-config>
Now if you want to redirect clients on exact timeout you can refresh the page automatically on the client side at some intervals.
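A client-side sketch of that last step, as an added example that is not part of the original answer: because a reload issued before the timeout is itself a request and restarts the server's inactivity clock, this version mirrors the timeout in the browser and navigates to the login page only once it has elapsed. The name createSessionWatch and its injectable options are hypothetical; the 1440-minute timeout and the "/" login page are the values from the configuration above.

```javascript
// Added example: mirror the servlet session inactivity timeout in the browser.
const SESSION_TIMEOUT_MIN = 1440; // <session-timeout> from web.xml above
const LOGIN_URL = "/";            // login-page from the security config above

// Hypothetical helper. Clock, timer and navigation are injectable so the
// logic can be exercised outside a browser.
function createSessionWatch(opts = {}) {
  const timeoutMs = (opts.timeoutMinutes ?? SESSION_TIMEOUT_MIN) * 60 * 1000;
  const loginUrl = opts.loginUrl ?? LOGIN_URL;
  const now = opts.now ?? (() => Date.now());
  const setTimer = opts.setTimer ?? ((fn, ms) => setTimeout(fn, ms));
  const clearTimer = opts.clearTimer ?? ((id) => clearTimeout(id));
  const navigate = opts.navigate ?? ((url) => window.location.assign(url));

  let deadline = 0;
  let timer = null;

  function onTimer() {
    const remaining = deadline - now();
    if (remaining > 0) {
      // Fired early (throttled tab, adjusted clock): re-arm instead of
      // sending a request that would keep the session alive.
      timer = setTimer(onTimer, remaining);
      return;
    }
    timer = null;
    navigate(loginUrl); // session has expired server-side; show the login page
  }

  // Call after every response from the server (page load, XHR/fetch):
  // each such request restarted the server-side inactivity clock.
  function touch() {
    deadline = now() + timeoutMs;
    if (timer !== null) clearTimer(timer);
    timer = setTimer(onTimer, timeoutMs);
  }

  function remainingMs() {
    return Math.max(0, deadline - now());
  }

  touch();
  return { touch, remainingMs };
}
```

In a page, call createSessionWatch() once on load and touch() from whatever wrapper the application uses around its XHR or fetch calls.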