当前位置:theitroad>Java Spring Security:会话过期而不重定向到过期 url?

Java Spring Security:会话过期而不重定向到过期 url?

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/2693268/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-08-13 10:54:14  来源:igfitidea点击:

Spring Security: session expiration without redirect to expired-url?

javasessionspring-security

提问by Kdeveloper

I'm using Spring Security 3.0.2 form based authentication. But I can't figure out how I can configure it so that when a session expires that the request is not redirect to an other page (expired-url) or displays a 'session expires' message.

我正在使用基于 Spring Security 3.0.2 表单的身份验证。但是我不知道如何配置它,以便在会话过期时请求不会重定向到其他页面(expired-url)或显示“会话过期”消息。

I don't want any redirect or messages, I want that a anonymous session is started just like when a user without a session enters the website.

我不想要任何重定向或消息,我希望匿名会话开始,就像没有会话的用户进入网站一样。

My current configuration:

我目前的配置:

<http>
  <intercept-url pattern="/login.action*" filters="none"/>
  <intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
  <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
  <form-login login-page="/login.action"
               authentication-failure-url="/login.action?error=failed"
               login-processing-url="/login-handler.action"/>
  <logout logout-url="/logoff-execute.action"
          logout-success-url="/logoff.action?done=1"/>
  <remember-me key="remember-me-security" services-ref="rememberMeServices"/>
  <session-management >
    <concurrency-control max-sessions="1"
                         error-if-maximum-exceeded="false"
                         expired-url="/login.action?error=expired.url"/>
  </session-management>
</http>

采纳答案by dube

I would say you have to write your own filter.
Take a look at the spring framework docs.

我会说你必须编写自己的过滤器。
查看spring 框架文档

There is also a very dusty sample but I think it's still quite correct: timeout filter sample.

还有一个尘土飞扬的样本,但我认为它仍然非常正确:timeout filter sample

回答by Ice-Man

You can try:

你可以试试:

    <logout invalidate-session="true"
             logout-url="/LoginPage.jsf?error_logout=logoutComSucesso"/><!--invalido logout-success-url="/LoginPage.jsf?auth_error" -->
    <session-management session-fixation-protection="newSession" invalid-session-url="/LoginPage.jsf?error=sessionExpired"
                    session-authentication-error-url="/LoginPage.jsf?auth_error=BadCredencials" >
    </session-management>

相关推荐

什么是替换 java.util.Date(year,month,day) 的公认方法

什么是替换 java.util.Date(year,month,day) 的公认方法

Java 在 Android 中写入和读取二进制文件

Java 在 Android 中写入和读取二进制文件

使用java多线程的交通灯程序

使用java多线程的交通灯程序

Java:多线程和 UDP 套接字编程

Java:多线程和 UDP 套接字编程

相关推荐
最近更新
标签