[英]Spring Security Session Timeout - Java
My Spring security works well but after some afk time I start getting tons of exceptions when the user goes to the pages. 我的Spring安全性很好,但是经过一段时间后,当用户转到页面时,我开始收到大量异常。
I noticed that session and principal is null
that's why I get error 500. 我注意到该session and principal is null
,这就是为什么我得到错误500的原因。
How do I redirect the user that to the login again? 如何将用户再次重定向到登录名?
Or I can simply remove the session timeout (i dont really need it) 或者我可以简单地删除会话超时(我真的不需要它)
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled=true)
@ComponentScan("pt.impactzero.atp")
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private MyUserDetailsService myUserDetailsService;
@Autowired
private AuthenticationSuccessHandler authenticationSuccessHandler;
@Autowired
private LogoutSuccessHandler logoutSuccessHandler;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/").hasAnyRole("Administrator" , "Member")
.and()
.formLogin()
.loginPage("/login").permitAll()
.defaultSuccessUrl("/dashboard",true)
.failureUrl("/login?error")
.successHandler(authenticationSuccessHandler)
.and()
.logout()
.logoutUrl("/logout").permitAll()
.logoutSuccessUrl("/login")
.logoutSuccessHandler(logoutSuccessHandler)
.and()
.csrf().disable();
}
@Override
public void configure(WebSecurity web) {
web.httpFirewall(allowUrlEncodedSlashHttpFirewall());
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(myUserDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder() {
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
return passwordEncoder;
}
@Bean
public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
DefaultHttpFirewall firewall = new DefaultHttpFirewall();
firewall.setAllowUrlEncodedSlash(true);
return firewall;
}
@Bean
public CommonsMultipartResolver filterMultipartResolver(){
return new CommonsMultipartResolver();
}
//Online users
@Bean
public ActiveUsers activeUsers(){
return new ActiveUsers();
}
}
If you want disable session, you can: 如果要禁用会话,可以:
@Override
protected void configure(HttpSecurity http) throws Exception {
// disable session
http.sessionManagement().disable()
.authorizeRequests().antMatchers("/").hasAnyRole("Administrator" , "Member")
.and()
.formLogin()
.loginPage("/login").permitAll()
.defaultSuccessUrl("/dashboard",true)
.failureUrl("/login?error")
.successHandler(authenticationSuccessHandler)
.and()
.logout()
.logoutUrl("/logout").permitAll()
.logoutSuccessUrl("/login")
.logoutSuccessHandler(logoutSuccessHandler)
.and()
.csrf().disable();
}
if you want redirect user to login page, you can try this: 如果要重定向用户到登录页面,可以尝试以下操作:
@Override
protected void configure(HttpSecurity http) throws Exception {
// redirect user to login page
http.sessionManagement().invalidSessionUrl("http://your.login.page").and()
.authorizeRequests().antMatchers("/").hasAnyRole("Administrator" , "Member")
.and()
.formLogin()
.loginPage("/login").permitAll()
.defaultSuccessUrl("/dashboard",true)
.failureUrl("/login?error")
.successHandler(authenticationSuccessHandler)
.and()
.logout()
.logoutUrl("/logout").permitAll()
.logoutSuccessUrl("/login")
.logoutSuccessHandler(logoutSuccessHandler)
.and()
.csrf().disable();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.