堆栈内存溢出
  简体   繁体   English

Spring Security会话超时-Java

[英]Spring Security Session Timeout - Java

 原文  2018-04-17 14:34:25       java/ spring/ spring-security

问题描述

My Spring security works well but after some afk time I start getting tons of exceptions when the user goes to the pages. 我的Spring安全性很好,但是经过一段时间后,当用户转到页面时,我开始收到大量异常。

I noticed that session and principal is null that's why I get error 500. 我注意到该session and principal is null ,这就是为什么我得到错误500的原因。

How do I redirect the user that to the login again? 如何将用户再次重定向到登录名?

Or I can simply remove the session timeout (i dont really need it) 或者我可以简单地删除会话超时(我真的不需要它) 

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled=true)
@ComponentScan("pt.impactzero.atp")
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private MyUserDetailsService myUserDetailsService;
    @Autowired
    private AuthenticationSuccessHandler authenticationSuccessHandler;
    @Autowired
    private LogoutSuccessHandler logoutSuccessHandler;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/").hasAnyRole("Administrator" , "Member")
                .and()
                .formLogin()
                    .loginPage("/login").permitAll()
                    .defaultSuccessUrl("/dashboard",true)
                    .failureUrl("/login?error")
                    .successHandler(authenticationSuccessHandler)
                .and()
                .logout()
                    .logoutUrl("/logout").permitAll()
                    .logoutSuccessUrl("/login")
                    .logoutSuccessHandler(logoutSuccessHandler)
                .and()
                .csrf().disable();
    }

    @Override
    public void configure(WebSecurity web) {
        web.httpFirewall(allowUrlEncodedSlashHttpFirewall());
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(myUserDetailsService).passwordEncoder(passwordEncoder());
    }
    @Bean
    public PasswordEncoder passwordEncoder() {
        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        return passwordEncoder;
    }

    @Bean
    public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
        DefaultHttpFirewall firewall = new DefaultHttpFirewall();
        firewall.setAllowUrlEncodedSlash(true);
        return firewall;
    }

    @Bean
    public CommonsMultipartResolver filterMultipartResolver(){
        return new CommonsMultipartResolver();
    }

    //Online users
    @Bean
    public ActiveUsers activeUsers(){
        return new ActiveUsers();
    }
}

1 个解决方案

解决方案1
 1 已采纳  2018-04-17 15:12:48

If you want disable session, you can: 如果要禁用会话,可以: 

@Override
protected void configure(HttpSecurity http) throws Exception {
    // disable session
    http.sessionManagement().disable()
        .authorizeRequests().antMatchers("/").hasAnyRole("Administrator" , "Member")
            .and()
            .formLogin()
                .loginPage("/login").permitAll()
                .defaultSuccessUrl("/dashboard",true)
                .failureUrl("/login?error")
                .successHandler(authenticationSuccessHandler)
            .and()
            .logout()
                .logoutUrl("/logout").permitAll()
                .logoutSuccessUrl("/login")
                .logoutSuccessHandler(logoutSuccessHandler)
            .and()
            .csrf().disable();
}

if you want redirect user to login page, you can try this: 如果要重定向用户到登录页面,可以尝试以下操作: 

@Override
protected void configure(HttpSecurity http) throws Exception {
    // redirect user to login page
    http.sessionManagement().invalidSessionUrl("http://your.login.page").and()
        .authorizeRequests().antMatchers("/").hasAnyRole("Administrator" , "Member")
            .and()
            .formLogin()
                .loginPage("/login").permitAll()
                .defaultSuccessUrl("/dashboard",true)
                .failureUrl("/login?error")
                .successHandler(authenticationSuccessHandler)
            .and()
            .logout()
                .logoutUrl("/logout").permitAll()
                .logoutSuccessUrl("/login")
                .logoutSuccessHandler(logoutSuccessHandler)
            .and()
            .csrf().disable();
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在Spring 3 / Spring Security 2.0.5中检测会话超时 - Detect session timeout in Spring 3/Spring Security 2.0.5 Spring Security会话超时太短 - Spring Security session timeout is too short Spring Security-会话超时而无需扩展/更新 - Spring Security - Session Timeout without extending/renewing 使区域设置保持Spring Security会话超时 - Keep locale on Spring Security session timeout Spring安全会话超时处理Ajax调用 - Spring security Session Timeout handling for Ajax calls Logout / Session超时捕获spring security - Logout/Session timeout catching with spring security 使用Spring Security 3.0设置会话超时期限 - Setting session timeout period with Spring Security 3.0 使用Spring Security在会话超时上进行CAS注销 - CAS logout on session timeout using spring security 如何设置 spring 安全会话超时? - How to set spring security session timeout? 如何在 Spring Security 中启用 session 并设置 session 超时 - How to enable session and set session timeout in Spring Security
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM