设置Session失效时间及失效跳转
|
1
2
|
#Session超时时间设置,单位是秒,默认是30分钟 server.servlet.session.timeout=10 |
然而并没有什么用,因为SpringBoot在TomcatServletWebServerFactory代码中写了这个
|
1
2
3
4
|
private long getSessionTimeoutInMinutes() { Duration sessionTimeout = this.getSession().getTimeout(); return this.isZeroOrLess(sessionTimeout) ? 0L : Math.max(sessionTimeout.toMinutes(), 1L); } |
如果说某些人看不懂 Duration 这个类是什么,我不推荐你接着看下去了,因为没有什么帮助。
Session失效后如何跳转到Session失效地址
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
package cn.coreqi.security.config; import cn.coreqi.security.Filter.SmsCodeFilter;import cn.coreqi.security.Filter.ValidateCodeFilter;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.crypto.password.NoOpPasswordEncoder;import org.springframework.security.crypto.password.PasswordEncoder;import org.springframework.security.web.authentication.AuthenticationFailureHandler;import org.springframework.security.web.authentication.AuthenticationSuccessHandler;import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;@Configurationpublic class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private AuthenticationSuccessHandler coreqiAuthenticationSuccessHandler; @Autowired private AuthenticationFailureHandler coreqiAuthenticationFailureHandler; @Autowired private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig; @Bean public PasswordEncoder passwordEncoder(){ return NoOpPasswordEncoder.getInstance(); } @Override protected void configure(HttpSecurity http) throws Exception { ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter(); validateCodeFilter.setAuthenticationFailureHandler(coreqiAuthenticationFailureHandler); SmsCodeFilter smsCodeFilter = new SmsCodeFilter(); //http.httpBasic() //httpBasic登录 BasicAuthenticationFilter http.addFilterBefore(smsCodeFilter, UsernamePasswordAuthenticationFilter.class) //加载用户名密码过滤器的前面 .addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class) //加载用户名密码过滤器的前面 .formLogin() //表单登录 UsernamePasswordAuthenticationFilter .loginPage("/coreqi-signIn.html") //指定登录页面 //.loginPage("/authentication/require") .loginProcessingUrl("/authentication/form") //指定表单提交的地址用于替换UsernamePasswordAuthenticationFilter默认的提交地址 .successHandler(coreqiAuthenticationSuccessHandler) //登录成功以后要用我们自定义的登录成功处理器,不用Spring默认的。 .failureHandler(coreqiAuthenticationFailureHandler) //自己体会把 .and() .sessionManagement() .invalidSessionUrl("session/invalid") //session过期后跳转的URL .and() .authorizeRequests() //对授权请求进行配置 .antMatchers("/coreqi-signIn.html","/code/image","/session/invalid").permitAll() //指定登录页面不需要身份认证 .anyRequest().authenticated() //任何请求都需要身份认证 .and().csrf().disable() //禁用CSRF .apply(smsCodeAuthenticationSecurityConfig); //FilterSecurityInterceptor 整个SpringSecurity过滤器链的最后一环 }} |
|
1
2
3
4
5
6
|
@GetMapping("/session/invalid") @ResponseStatus(code = HttpStatus.UNAUTHORIZED) public SimpleResponse sessionInvalid(){ String message = "session失效"; return new SimpleResponse(message); } |
设置Session失效的几种方式
如果是1.5.6版本
这里可以在application中加上bean文件
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
package com.example.demo;import org.springframework.boot.SpringApplication;import org.springframework.boot.autoconfigure.SpringBootApplication;import org.springframework.boot.context.embedded.ConfigurableEmbeddedServletContainer;import org.springframework.boot.context.embedded.EmbeddedServletContainerCustomizer;import org.springframework.context.annotation.Bean;@SpringBootApplicationpublic class DemoApplication {undefinedpublic static void main(String[] args) { SpringApplication.run(DemoApplication.class, args);}//设置session过期时间@Beanpublic EmbeddedServletContainerCustomizer containerCustomizer() { return new EmbeddedServletContainerCustomizer() { public void customize(ConfigurableEmbeddedServletContainer container) { container.setSessionTimeout(7200);// 单位为S } };}} |
还可以设置
application.yml
|
1
2
3
4
5
|
server:port: 8081servlet:session:timeout: 60s |
|
1
2
3
4
5
6
7
8
9
10
11
|
@RestControllerpublic class HelloController {undefined@PostMapping("test")public Integer getTest(@RequestParam("nyy")String nn, HttpServletRequest httpServletRequest ){ HttpSession session = httpServletRequest.getSession(); session.setMaxInactiveInterval(60); int maxInactiveInterval = session.getMaxInactiveInterval(); long lastAccessedTime = session.getLastAccessedTime(); return maxInactiveInterval;}} |
以上为个人经验,希望能给大家一个参考,也希望大家多多支持服务器之家。
原文链接:https://www.cnblogs.com/fanqisoft/p/10658070.html
