I am using Spring HTTP security (EnableWebSecurity) to manage sessions. The issue I am facing is that whenever I start the application, the app always opens the home page instead of going to the login page. The requirement here is that if the session has expired, the user needs to go to the login page. Also, the session needs to time out after 30 minutes. Is there anything wrong with the code below?

    http
        .authorizeRequests()
            .antMatchers("/", "/home").permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
        .logout()
            .permitAll();

    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/home").setViewName("home");
        registry.addViewController("/").setViewName("home");
        registry.addViewController("/login").setViewName("login");
    }

Try to remove .permitAll() after the antMatchers and try again.

For adding session management,

    http
        .authorizeRequests()
            .antMatchers("/", "/home").permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
        .sessionManagement()
            .invalidSessionUrl("/invalidSession.html")
            .and()
        .logout()
            .permitAll();

And in the application properties, you need to add the session timeout.

    server.servlet.session.timeout=30m
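
A complete configuration that combines both answers, as an added example that is not part of the original posts. It assumes Spring Security 5.x on a servlet stack (the WebSecurityConfigurerAdapter style used above); the class name, the static asset paths and the /login?timeout and /login?logout URLs are hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical class name. Pair with server.servlet.session.timeout=30m.
@Configuration
@EnableWebSecurity
public class SessionSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // "/" and "/home" are no longer permitAll(), so an anonymous
                // visitor is redirected to /login instead of seeing the home page.
                // antMatchers ignore the query string, so "/login" also covers
                // /login?timeout. Asset paths are assumed for illustration.
                .antMatchers("/login", "/css/**", "/js/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .defaultSuccessUrl("/home")
                .permitAll()
                .and()
            .sessionManagement()
                // A request carrying a JSESSIONID that no longer maps to a live
                // session (for example after the timeout) is redirected here.
                // The target must be reachable anonymously, otherwise the
                // browser loops on redirects.
                .invalidSessionUrl("/login?timeout")
                // Issue a fresh session ID at login (session fixation defence).
                .sessionFixation().migrateSession()
                .and()
            .logout()
                .logoutSuccessUrl("/login?logout")
                .invalidateHttpSession(true)
                // Without this, the stale cookie sent on the first request
                // after logout is treated as an invalid session.
                .deleteCookies("JSESSIONID")
                .permitAll();
    }
}
```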