Spring Boot 2.x: Setting the Session Timeout and the Redirect on Session Expiry

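# Session timeout setting; the unit is seconds, and the default is 30 minutes
server.servlet.session.timeout=10

This has no effect, however, because Spring Boot has the following code in TomcatServletWebServerFactory:

private long getSessionTimeoutInMinutes() {
    Duration sessionTimeout = this.getSession().getTimeout();
    return this.isZeroOrLess(sessionTimeout) ? 0L : Math.max(sessionTimeout.toMinutes(), 1L);
}

A positive timeout is converted to whole minutes with a minimum of 1, so the 10 seconds configured above becomes 1 minute.

If you do not know what the Duration class is, I do not recommend reading any further, because it will not be of much help.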
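
One way to get a timeout finer than one minute, as an added example that is not from the original page or from Spring Boot itself: a listener that applies the configured Duration to each new session in seconds. The class name SecondsSessionTimeoutListener is hypothetical, and the code assumes Spring Boot 2.x (javax.servlet) with the embedded Tomcat, which registers HttpSessionListener beans automatically.

```java
import java.time.Duration;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.stereotype.Component;

// Added example; the class name is hypothetical.
// Assumes Spring Boot 2.x (javax.servlet) on the embedded Tomcat.
@Component
public class SecondsSessionTimeoutListener implements HttpSessionListener {

    private final Duration configured;

    public SecondsSessionTimeoutListener(ServerProperties serverProperties) {
        // The same value that getSessionTimeoutInMinutes() reads,
        // i.e. server.servlet.session.timeout, before any rounding to minutes.
        this.configured = serverProperties.getServlet().getSession().getTimeout();
    }

    /** Seconds to apply to a new session; -1 means "keep the container default". */
    static int secondsToApply(Duration timeout) {
        if (timeout == null || timeout.isZero() || timeout.isNegative()) {
            return -1; // zero or less keeps its meaning: the container decides
        }
        long seconds = Math.max(timeout.getSeconds(), 1L); // sub-second values become 1s
        return (int) Math.min(seconds, Integer.MAX_VALUE);
    }

    @Override
    public void sessionCreated(HttpSessionEvent event) {
        int seconds = secondsToApply(configured);
        if (seconds > 0) {
            // HttpSession.setMaxInactiveInterval takes seconds, so 10 stays 10
            // instead of being raised to one minute.
            event.getSession().setMaxInactiveInterval(seconds);
        }
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
        // Nothing to do; implemented because Servlet 3.1 declares no default method.
    }
}
```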

1. How to redirect to the invalid-session URL after the session expires
package cn.coreqi.security.config;

import cn.coreqi.security.Filter.SmsCodeFilter;
import cn.coreqi.security.Filter.ValidateCodeFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AuthenticationSuccessHandler coreqiAuthenticationSuccessHandler;

    @Autowired
    private AuthenticationFailureHandler coreqiAuthenticationFailureHandler;

    @Autowired
    private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;

    // NoOpPasswordEncoder does no hashing (plain-text comparison) and is deprecated;
    // outside of a demo use a real encoder such as BCryptPasswordEncoder.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter();
        validateCodeFilter.setAuthenticationFailureHandler(coreqiAuthenticationFailureHandler);

        SmsCodeFilter smsCodeFilter = new SmsCodeFilter();

        //http.httpBasic() // HTTP Basic login, BasicAuthenticationFilter
        http.addFilterBefore(smsCodeFilter, UsernamePasswordAuthenticationFilter.class) // added before the username/password filter
            .addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class) // added before the username/password filter
            .formLogin() // form login, UsernamePasswordAuthenticationFilter
                .loginPage("/coreqi-signIn.html") // specify the login page
                //.loginPage("/authentication/require")
                .loginProcessingUrl("/authentication/form") // form submission URL, replacing the default one of UsernamePasswordAuthenticationFilter
                .successHandler(coreqiAuthenticationSuccessHandler) // after a successful login use our custom success handler instead of Spring's default
                .failureHandler(coreqiAuthenticationFailureHandler) // work this one out yourself
                .and()
            .sessionManagement()
                .invalidSessionUrl("/session/invalid") // URL to redirect to after the session expires; must start with "/" and match the permitAll entry below
                .and()
            .authorizeRequests() // configure request authorization
                .antMatchers("/coreqi-signIn.html", "/code/image", "/session/invalid").permitAll() // the login page does not require authentication
                .anyRequest().authenticated() // every other request requires authentication
                .and().csrf().disable() // disable CSRF
            .apply(smsCodeAuthenticationSecurityConfig);
        // FilterSecurityInterceptor is the last link in the whole Spring Security filter chain
    }
}

// Handler for the invalid-session URL configured above: responds with HTTP 401 and a message
@GetMapping("/session/invalid")
@ResponseStatus(code = HttpStatus.UNAUTHORIZED)
public SimpleResponse sessionInvalid() {
    String message = "session失效";
    return new SimpleResponse(message);
}
