如何在Spring Security中启用会话并设置会话超时 [英] How to enable session and set session timeout in Spring Security
本文介绍了如何在Spring Security中启用会话并设置会话超时的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我是Spring Security的新手,正在从事登录,注销和会话超时功能.我已经通过参考
I am new to Spring Security and I am working on a login, logout, and session timeout feature. I have configured my code by referring to this document. My code looks below:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/admin/**")
.access("hasRole('ROLE_USER')").and().formLogin()
.loginPage("/login").failureUrl("/login?error")
.usernameParameter("username")
.passwordParameter("password")
.and().logout().logoutSuccessUrl("/login?logout").and().csrf();
http.sessionManagement().maximumSessions(1).expiredUrl("/login?expired");
}
覆盖类AbstractSecurityWebApplicationInitializer
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
public class SpringSecurityInitializer extends AbstractSecurityWebApplicationInitializer {
@Override
public boolean enableHttpSessionEventPublisher() {
return true;
}
}
我需要澄清我是否做对了,如果看起来不错,那么我需要在哪里设置会话超时.我完全基于注释来做.
I need clarification on whether I am doing it right, if it looks good, then where I need to setup the session timeout. I am doing it fully based on annotation.
推荐答案
我只能在web.xml中添加以下配置来解决上述问题.任何更好的方法都会被接受.
I was able to solve above issue by adding below config in web.xml only. any better way will be accepted.
<session-config>
<session-timeout>20</session-timeout>
</session-config>
这篇关于如何在Spring Security中启用会话并设置会话超时的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文