![](/img/trans.png)
[英]Spring security doesn't redirect to last requested page login after a session timeout
[英]Spring security auto redirect to login page after session timeout
我需要在 session 超時后自動重定向到登錄頁面,或者至少顯示 session 已過期的警報,我嘗試在超時后配置 Spring 安全,但它不在 Logout 也許我錯過了一些東西或 Spring 的這種方法 安全性從一開始就錯了? 如果是這樣,有人可以提供此類任務的完整工作示例嗎? I am using Spring Boot 2.5.6, Spring Security, front-end is html, javascript, JQuery and dataTable. 這是我的代碼:
安全配置.java
private final AppProperties appProperties;
@Autowired
private LogoutSuccessHandlerService logoutSuccessHandlerService;
@Override
public void configure(WebSecurity web) {
web.ignoring()
.antMatchers("/static/**")
.antMatchers("/webjars/**")
.antMatchers("/css/**")
.antMatchers("/fonts/**")
.antMatchers("/img/**")
.antMatchers("/js/**")
.antMatchers("/scripts/**")
;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.formLogin()
.loginPage("/login")
.permitAll()
.defaultSuccessUrl("/", true)
.failureUrl("/login?error=true")
.loginProcessingUrl("/j_spring_security_check")
.and()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.logout()
.invalidateHttpSession(true)
.logoutSuccessHandler(logoutSuccessHandlerService)
.logoutSuccessUrl("/login")
.permitAll()
.and()
.csrf().disable();
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
AppProperties.Security security = appProperties.getSecurity();
auth.inMemoryAuthentication()
.withUser(security.getUser())
.password(passwordEncoder().encode(security.getPassword()))
.roles(security.getRole());
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
LogoutSuccessHandlerService.java 擴展 SimpleUrlLogoutSuccessHandler
@Override
public void onLogoutSuccess(HttpServletRequest request,
HttpServletResponse response,
Authentication authentication) throws IOException, ServletException {
if (authentication != null) {
}
log.info("logout success");
setDefaultTargetUrl("/login");
super.onLogoutSuccess(request, response, authentication);
}
應用程序-local.yml
服務器:端口:8086 servlet:session:超時:2m
找到了解決方案。 Spring 安全無法解決,我使用了 JavaScript。 此解決方案每分鍾發送一次請求,如果響應數據不是 null,則會發生重定向。 它僅適用於瀏覽器中的一個登錄用戶。
Header html頁面
<script>
setInterval(function() {
$.ajax({
url: "/check-session",
method: "GET",
contentType: 'application/json; charset=utf-8',
success: function(data){
if (data && data.length > 0) {
window.location.replace("/login");
}
},
error: function (data) {
console.log("error");
console.log(data);
}
})
}, 60000);
</script>
登錄控制器
@GetMapping("/check-session")
public ResponseEntity<String> checkSession() {
return new ResponseEntity<>(HttpStatus.OK);
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.