我需要在我的Spring MVC應用程序中配置expired-url
。這是我的工作,但沒有效果:spring security - expiredUrl無法正常工作
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.addFilterBefore(adminAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(customerAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
.csrf()
.disable()
.authorizeRequests()
.antMatchers("...", "...", "...").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/admin/login")
.and()
.logout()
.addLogoutHandler(customLogoutHandler())
.logoutSuccessHandler(customLogoutSuccessHandler())
.logoutUrl("/logout")
.deleteCookies("remove")
.invalidateHttpSession(true)
.permitAll()
.and()
.sessionManagement()
.maximumSessions(1)
.expiredUrl("/expired");
}
這不會有任何效果,當用戶的會話超時,春天不會他重定向到URL /expired
,只是重定向他/admin/login
網址。
更新:
我想提出的意見和答案的解決方案,但沒有看到任何效果。在方法開始時我也刪除了addLogoutHandler()
,logoutSuccessHandler()
和兩個addFilterBefore()
,但是沒有工作。
我也試過這樣另一種解決方案:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.addFilterBefore(sessionManagementFilter(), SessionManagementFilter.class)
.csrf()
.disable()
.authorizeRequests()
.antMatchers("...", "...", "...").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/admin/login")
.and()
.logout()
.logoutUrl("/logout")
.deleteCookies("remove")
.invalidateHttpSession(true)
.permitAll();
}
@Bean
public SessionManagementFilter sessionManagementFilter() {
SessionManagementFilter sessionManagementFilter = new SessionManagementFilter(httpSessionSecurityContextRepository());
sessionManagementFilter.setInvalidSessionStrategy(simpleRedirectInvalidSessionStrategy());
return sessionManagementFilter;
}
@Bean
public SimpleRedirectInvalidSessionStrategy simpleRedirectInvalidSessionStrategy() {
SimpleRedirectInvalidSessionStrategy simpleRedirectInvalidSessionStrategy = new SimpleRedirectInvalidSessionStrategy("/expired");
return simpleRedirectInvalidSessionStrategy;
}
@Bean
public HttpSessionSecurityContextRepository httpSessionSecurityContextRepository(){
HttpSessionSecurityContextRepository httpSessionSecurityContextRepository = new HttpSessionSecurityContextRepository();
return httpSessionSecurityContextRepository;
}
誰能幫我解決這個問題呢?
,好吧..我想你沒有訪問'/ expired' URL(我知道這是尷尬的,因爲這是一個過期URL必要的權限!處理),所以春季重定向你登錄頁面,甚至訪問過期的頁面..沒有痛苦嘗試..只要嘗試添加'.antMatchers(「/ expired」,「...」,...)。permitAll ()',然後檢查現在是否已成功重定向到過期頁面或仍然是登錄頁面。讓我知道如果它不工作.. –