How to log out automatically with Spring Security
Question
I have a Spring web application and I did user authentication using Spring Security.
Everything works well. Log in and log out work perfectly!
Now, I want to implement logging out automatically. For example, if a user has a window opened for about 30 minutes and does nothing (session expired, for instance), the system should log out automatically. How can I implement this?
It might be implemented on the client side (I send requests every 1 minute and check if the session has ended). But can't I do this automatically from Spring?
I have this configuration:
<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/admin**" />
    <access-denied-handler error-page="/403" />
    <form-login login-page="/login"
                default-target-url="/admin"
                authentication-failure-url="/login?error"
                username-parameter="NAME"
                password-parameter="PASSWORD" />
    <logout invalidate-session="true"
            logout-success-url="/login?logout"/>
</http>
and in web.xml
<session-config>
    <session-timeout>1</session-timeout>
</session-config>
After 1 minute, I see that the session was destroyed. The session is killed after 1 minute, but the page was not redirected to /login?logout
Recommended answer
How about using security configuration? I hope the config below will work.
applicationContext.xml
--namespace-> xmlns:security="http://www.springframework.org/schema/security"
<security:http>
    <!-- other elements (intercept-url, form-login, ...) go here -->
    <security:logout invalidate-session="true"
                     success-handler-ref="Logout"
                     logout-url="/logout.html" />
</security:http>
web.xml
<session-config>
    <session-timeout>30</session-timeout>
</session-config>
And then, you need to write your own, because success-handler-ref="Logout" is a custom handler for logout:
Logout
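import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.stereotype.Component;

// Explicit bean name: the default would be "logout", which does not match
// success-handler-ref="Logout" in the XML configuration.
@Component("Logout")
public class Logout extends SimpleUrlLogoutSuccessHandler {
    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        if (authentication != null) {
            // do something
        }
        // Redirect target used by the parent handler after logout
        setDefaultTargetUrl("/login");
        super.onLogoutSuccess(request, response, authentication);
    }
}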
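The session-timeout in web.xml only destroys the session on the server; nothing is sent to an idle browser, so the redirect the question expects has to be started by the page itself. The following is an added example, not code from the question or the answer: a client-side timer that mirrors the 30-minute server timeout. The names `createIdleLogout`, `noteServerRequest` and `EXPIRED_URL`, and the choice of `/login?logout` as the target, are assumptions made here.

```javascript
// Added example. The server-side session-timeout stays the real control;
// this timer only moves an idle page to the login screen.
const SESSION_TIMEOUT_MS = 30 * 60 * 1000; // <session-timeout>30</session-timeout>
const EXPIRED_URL = '/login?logout';       // assumption: page to show once idle

function createIdleLogout({ timeoutMs, onExpire, now = Date.now,
                            setTimer = setTimeout, clearTimer = clearTimeout }) {
  let lastRequest = now(); // the page load itself was the last request
  let expired = false;
  let stopped = false;
  let handle = setTimer(check, timeoutMs);

  function check() {
    if (expired || stopped) return;
    const idle = now() - lastRequest;
    if (idle >= timeoutMs) {
      expired = true;
      onExpire();
    } else {
      // A request happened since the timer was armed: wait out the remainder.
      clearTimer(handle);
      handle = setTimer(check, timeoutMs - idle);
    }
  }

  return {
    // Call after each same-origin request the page makes (XHR/fetch): only
    // requests reset the container's inactivity clock, mouse movement does not.
    noteServerRequest() { if (!expired) lastRequest = now(); },
    check,
    stop() { stopped = true; clearTimer(handle); },
    isExpired: () => expired,
  };
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof window !== 'undefined') {
  const idle = createIdleLogout({
    timeoutMs: SESSION_TIMEOUT_MS,
    onExpire: () => window.location.assign(EXPIRED_URL),
  });
  // Throttled background tabs fire timers late; re-check when the tab returns.
  document.addEventListener('visibilitychange', () => {
    if (!document.hidden) idle.check();
  });
}
```

A poll that asks the server whether the session is still alive is itself a request and resets the inactivity clock, so the timer above runs purely on the client.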