Spring Security：会话到期而没有重定向到expired-url？ [英] Spring Security: session expiration without redirect to expired-url?

问题描述

我正在使用基于Spring Security 3.0.2表单的身份验证。但是我无法弄清楚如何配置它以便当会话到期时请求不会重定向到其他页面（expired-url）或显示会话过期消息。

I'm using Spring Security 3.0.2 form based authentication. But I can't figure out how I can configure it so that when a session expires that the request is not redirect to an other page (expired-url) or displays a 'session expires' message.

我不想要任何重定向或消息，我希望匿名会话的启动就像没有会话的用户进入网站一样。

我当前的配置：

<http>
  <intercept-url pattern="/login.action*" filters="none"/>
  <intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
  <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
  <form-login login-page="/login.action"
               authentication-failure-url="/login.action?error=failed"
               login-processing-url="/login-handler.action"/>
  <logout logout-url="/logoff-execute.action"
          logout-success-url="/logoff.action?done=1"/>
  <remember-me key="remember-me-security" services-ref="rememberMeServices"/>
  <session-management >
    <concurrency-control max-sessions="1"
                         error-if-maximum-exceeded="false"
                         expired-url="/login.action?error=expired.url"/>
  </session-management>
</http>

推荐答案

我想说你必须编写自己的过滤器。

看看 spring framework docs 。

I would say you have to write your own filter.
Take a look at the spring framework docs.

还有一个非常尘埃的样本，但我认为它仍然非常正确：超时过滤器示例。

There is also a very dusty sample but I think it's still quite correct: timeout filter sample.

这篇关于Spring Security：会话到期而没有重定向到expired-url？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！