zoukankan      html  css  js  c++  java
  • SpringBoot设置Session失效时间

    1 #Session超时时间设置,单位是秒,默认是30分钟
    2 server.session.timeout=10

    然而并没有什么用,因为SpringBoot在TomcatServletWebServerFactory代码中写了这个

    1     private long getSessionTimeoutInMinutes() {
    2         Duration sessionTimeout = this.getSession().getTimeout();
    3         return this.isZeroOrLess(sessionTimeout) ? 0L : Math.max(sessionTimeout.toMinutes(), 1L);
    4     }

    ⒈Session失效后如何跳转到Session失效地址

     1 package cn.coreqi.security.config;
     2 
     3 import cn.coreqi.security.Filter.SmsCodeFilter;
     4 import cn.coreqi.security.Filter.ValidateCodeFilter;
     5 import org.springframework.beans.factory.annotation.Autowired;
     6 import org.springframework.context.annotation.Bean;
     7 import org.springframework.context.annotation.Configuration;
     8 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
     9 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    10 import org.springframework.security.crypto.password.NoOpPasswordEncoder;
    11 import org.springframework.security.crypto.password.PasswordEncoder;
    12 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
    13 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
    14 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
    15 
    16 @Configuration
    17 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    18 
    19     @Autowired
    20     private AuthenticationSuccessHandler coreqiAuthenticationSuccessHandler;
    21 
    22     @Autowired
    23     private AuthenticationFailureHandler coreqiAuthenticationFailureHandler;
    24 
    25     @Autowired
    26     private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;
    27 
    28     @Bean
    29     public PasswordEncoder passwordEncoder(){
    30         return NoOpPasswordEncoder.getInstance();
    31     }
    32 
    33 
    34     @Override
    35     protected void configure(HttpSecurity http) throws Exception {
    36         ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter();
    37         validateCodeFilter.setAuthenticationFailureHandler(coreqiAuthenticationFailureHandler);
    38 
    39         SmsCodeFilter smsCodeFilter = new SmsCodeFilter();
    40 
    41 
    42         //http.httpBasic()    //httpBasic登录 BasicAuthenticationFilter
    43         http.addFilterBefore(smsCodeFilter, UsernamePasswordAuthenticationFilter.class)    //加载用户名密码过滤器的前面
    44                 .addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class)    //加载用户名密码过滤器的前面
    45                 .formLogin()    //表单登录 UsernamePasswordAuthenticationFilter
    46                     .loginPage("/coreqi-signIn.html")  //指定登录页面
    47                     //.loginPage("/authentication/require")
    48                     .loginProcessingUrl("/authentication/form") //指定表单提交的地址用于替换UsernamePasswordAuthenticationFilter默认的提交地址
    49                     .successHandler(coreqiAuthenticationSuccessHandler) //登录成功以后要用我们自定义的登录成功处理器,不用Spring默认的。
    50                     .failureHandler(coreqiAuthenticationFailureHandler) //自己体会把
    51                 .and()
    52                 .sessionManagement()
    53                     .invalidSessionUrl("session/invalid")    //session过期后跳转的URL
    54                 .and()
    55                 .authorizeRequests()    //对授权请求进行配置
    56                     .antMatchers("/coreqi-signIn.html","/code/image","/session/invalid").permitAll() //指定登录页面不需要身份认证
    57                     .anyRequest().authenticated()  //任何请求都需要身份认证
    58                     .and().csrf().disable()    //禁用CSRF
    59                 .apply(smsCodeAuthenticationSecurityConfig);
    60             //FilterSecurityInterceptor 整个SpringSecurity过滤器链的最后一环
    61     }
    62 }
    1     @GetMapping("/session/invalid")
    2     @ResponseStatus(code = HttpStatus.UNAUTHORIZED)
    3     public SimpleResponse sessionInvalid(){
    4         String message = "session失效";
    5         return new SimpleResponse(message);
    6     }
  • 相关阅读:
    系统结构实践——第一次作业
    个人作业——软件工程实践总结作业
    个人作业——软件评测
    软件工程第五次作业--结队编程
    软件工程第四次作业--结队作业
    第一次个人编程作业
    第一次软工作业
    java第五周上机练习
    Java作业5
    java4
  • 原文地址:https://www.cnblogs.com/fanqisoft/p/10658070.html
Copyright © 2011-2022 走看看