java – spring security – expiredUrl不工作

前端之家收集整理的这篇文章主要介绍了java – spring security – expiredUrl不工作前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我需要在我的 Spring MVC应用程序中配置过期URL.这是我的努力,但没有效果
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .addFilterBefore(adminAuthenticationFilter(),UsernamePasswordAuthenticationFilter.class)
        .addFilterBefore(customerAuthenticationFilter(),UsernamePasswordAuthenticationFilter.class)
        .csrf()
            .disable()
        .authorizeRequests()
            .antMatchers("...","...","...").permitAll()
            .anyRequest().authenticated()
        .and()
            .formLogin()
                .loginPage("/admin/login")
        .and()
            .logout()
                .addlogoutHandler(customlogoutHandler())
                .logoutSuccessHandler(customlogoutSuccessHandler())
                .logoutUrl("/logout")
        .deleteCookies("remove")
        .invalidateHttpSession(true)
            .permitAll()
        .and()
        .sessionManagement()
            .maximumSessions(1)
            .expiredUrl("/expired");

}

这没有任何效果,当用户的会话超时时,spring不会将他重定向到/过期的URL,并将其重定向到/ admin / login url.

更新:

我在评论和回答中尝试了建议的解决方案,但没有看到任何效果.另外我在方法开头删除了addlogoutHandler(),logoutSuccessHandler()和两个addFilterBefore(),但是不起作用.

我也尝试过这样一个解决方案:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .addFilterBefore(sessionManagementFilter(),SessionManagementFilter.class)
        .csrf()
            .disable()
        .authorizeRequests()
            .antMatchers("...","...").permitAll()
            .anyRequest().authenticated()
        .and()
            .formLogin()
                .loginPage("/admin/login")
        .and()
            .logout()
                .logoutUrl("/logout")
        .deleteCookies("remove")
        .invalidateHttpSession(true)
            .permitAll();
}

@Bean
public SessionManagementFilter sessionManagementFilter() {
    SessionManagementFilter sessionManagementFilter = new SessionManagementFilter(httpSessionSecurityContextRepository());
    sessionManagementFilter.setInvalidSessionStrategy(simpleRedirectInvalidSessionStrategy());
    return sessionManagementFilter;
}

@Bean
public SimpleRedirectInvalidSessionStrategy simpleRedirectInvalidSessionStrategy() {
    SimpleRedirectInvalidSessionStrategy simpleRedirectInvalidSessionStrategy = new SimpleRedirectInvalidSessionStrategy("/expired");
    return simpleRedirectInvalidSessionStrategy;
}

@Bean
public HttpSessionSecurityContextRepository httpSessionSecurityContextRepository(){
    HttpSessionSecurityContextRepository httpSessionSecurityContextRepository = new HttpSessionSecurityContextRepository();
    return httpSessionSecurityContextRepository;
}

有人可以帮我解决这个问题吗?

解决方法

我以这种方式尝试了Ali Dehghani的解决方案(在评论中):
.sessionManagement().maximumSessions(1).and().invalidSessionUrl("/expired");

正如The Coder所说,在允许的URL中添加“/ expired”,解决问题.感谢所有关注我的问题的人,特别是阿里·德哈吉尼(Ali Dehghani)和The Coder,他们的意见很有帮助.

猜你在找的Java相关文章