如何使用Spring安全性获取会话超时消息 [英] How to get session time out message using Spring security

问题描述

我想在会话到期时收到会话超时消息.Below是我的 spring-security.xml

I want to get the session time out message when the session expires.Below is my spring-security.xml

<http auto-config="true" use-expressions="true">
    <logout logout-success-url="/" invalidate-session="true" logout-url="/LogOut"/>
    <form-login login-page="/Login" username-parameter="Name" password-parameter="Pwd"/>
    <session-management invalid-session-url="/?timeout=true">
        <concurrency-control max-sessions="1" expired-url="/Timeout?timeout=true" />
    </session-management>
</http>

根据我的知识，当会话到期时使用上面的代码它应该重定向到 /？timeout = true OR / Timeout？timeout = true 。在注销时，它应该转到 / 。但在我注销的情况下，它还会重定向到 invalid-session-url ，所以我总是在正常注销和会话超时时都获得超时。

According to my knowledge using above code when the session expired it should redirect to /?timeout=true OR /Timeout?timeout=true. And on logout it should go to /. But in my case on logout also its redirecting to invalid-session-url so I am always getting timeout true for both normal logout and session timeout.

请帮我区分一下。

更新

/ logout 请求包含

session = request.getSession();
session.invalidate();
session = null;

推荐答案

我解决了！通过编写过滤器而不是取决于Spring-security。

I Solved it! by writing a filter instead depending on Spring-security.

如果有人感兴趣，他们可以使用以下代码： -

If any one is interested they can use the below code :-

import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.text.MessageFormat;

import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;
import org.springframework.web.filter.OncePerRequestFilter;

public class FilterToGetTimeOut extends OncePerRequestFilter {

    @Override
    public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException {
        try {
            if(request.getRequestURI().equals("/") || request.getRequestURI().equals("/Login/")){
                if(request.getSession().getAttribute("login") != null && (Boolean)request.getSession().getAttribute("login") == true){
                    response.sendRedirect(URL);     //After login page
                }
            } else if(request.getSession().getAttribute("login") == null && !request.getRequestURI().equals("/LogOut")){
                response.sendRedirect(request.getContextPath()+"/?timeout=true");   //If timeout is true send session timeout error message to JSP
            }
            filterChain.doFilter(request, response);
        } catch (Exception e) {
            //Log Exception

        }
    }
}

在 web.xml 中添加此过滤器。

    <filter>
        <filter-name>FilterToGetTimeOut </filter-name> 
        <filter-class>package.FilterToGetTimeOut </filter-class> 
    </filter>
    <filter-mapping> 
        <filter-name>FilterToGetTimeOut</filter-name> 
        <url-pattern>/*</url-pattern> 
    </filter-mapping> 

所以现在会话也无效，我也可以处理会话超时。

So now session also invalidates and I can handle the session timeout too.

这篇关于如何使用Spring安全性获取会话超时消息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！