Original source: http://stackoverflow.com/questions/25486352/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Spring Security session timeout is too short
Asked by Tony
I don't know how, but the session timeout is incredibly short. As far as I know, the Spring Security session timeout depends on the server's default session configuration. I've found out that the GlassFish timeout is 1800 sec (10 min). But I think the session is removed every 5 minutes. How could this happen? This is my Spring Security configuration:
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!-- enable use-expressions -->
    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/adminRole/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/userRole/**" access="hasRole('ROLE_USER')" />

        <!-- access denied page -->
        <access-denied-handler error-page="/403" />
        <form-login
            login-page="/"
            default-target-url="/resolveRoles"
            authentication-failure-url="/?error"
            username-parameter="username"
            password-parameter="password" />
        <remember-me key="key" token-validity-seconds="2419200" />
        <logout logout-success-url="/?logout" />
        <!-- enable csrf protection -->
    </http>

    <!-- Select users and user_roles from database -->
    <authentication-manager>
        <authentication-provider>
            <password-encoder hash="sha"/>
            <jdbc-user-service data-source-ref="dataSource"
                users-by-username-query=
                    "select username,password, enabled from smsc.users where username=?"
                authorities-by-username-query=
                    "select username, role from smsc.user_roles where username =? " />
        </authentication-provider>
    </authentication-manager>
</beans:beans>
Answered by Ralph
There is only the session timeout, but no additional timeout in Spring Security (except the one for the remember-me token, but this is a different thing).
You can configure the session timeout within the web.xml:
<web-app>
    <session-config>
        <!-- in minutes -->
        <session-timeout>60</session-timeout>
    </session-config>
</web-app>
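
To confirm which timeout the container actually applies, a session listener can log each session's effective limit at creation and how long it had been idle when it was destroyed. This is an added example, not code from the question or the answer; the class name is hypothetical and it assumes a Servlet 3.0+ container using the javax.servlet API.

```java
import java.util.logging.Logger;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

// Hypothetical diagnostic listener (added example, not the page's code).
// @WebListener registers it automatically on Servlet 3.0+ containers.
@WebListener
public class SessionLifetimeLogger implements HttpSessionListener {

    private static final Logger LOG =
            Logger.getLogger(SessionLifetimeLogger.class.getName());

    @Override
    public void sessionCreated(HttpSessionEvent event) {
        HttpSession s = event.getSession();
        // getMaxInactiveInterval() is in SECONDS, while <session-timeout>
        // in web.xml is in MINUTES: 60 there shows up as 3600 here.
        LOG.info(String.format("session created ref=%s maxInactive=%ds",
                ref(s), s.getMaxInactiveInterval()));
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
        // Called before invalidation, so the session can still be read.
        HttpSession s = event.getSession();
        long now = System.currentTimeMillis();
        long idleSec = (now - s.getLastAccessedTime()) / 1000;
        long ageSec = (now - s.getCreationTime()) / 1000;
        int limit = s.getMaxInactiveInterval();

        // Heuristic: idle time at or past the limit means container expiry;
        // anything shorter was an explicit invalidate() (logout, app code).
        // A limit <= 0 means the session never times out.
        String cause = (limit > 0 && idleSec >= limit)
                ? "idle-timeout" : "invalidated-before-timeout";
        LOG.info(String.format(
                "session destroyed ref=%s age=%ds idle=%ds limit=%ds cause=%s",
                ref(s), ageSec, idleSec, limit, cause));
    }

    // Log a hash instead of the session id so the log cannot be used
    // to replay a live session.
    private static String ref(HttpSession s) {
        return Integer.toHexString(s.getId().hashCode());
    }
}
```

If the logged `maxInactive` does not match the value in web.xml, the descriptor is not the one being deployed or something in the application calls `setMaxInactiveInterval` on the session.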