我需要在会话超时后自动重定向到登录页面,或者至少显示会话已过期的警报。我尝试配置Spring Security,但它不起作用,调试器在超时后无法捕获LogoutSuccessHandlerService中的代码。也许我遗漏了一些东西,或者Spring Security的这种方法从一开始就是错误的?如果是这样的话,有人能提供这样的任务完整的工作示例吗?我使用的是Sping Boot 2.5.6,Spring Security,前端是html,javascript,JQuery和dataTable。下面是我的代码:
SecurityConfig.java
private final AppProperties appProperties;
@Autowired
private LogoutSuccessHandlerService logoutSuccessHandlerService;
@Override
public void configure(WebSecurity web) {
web.ignoring()
.antMatchers("/static/**")
.antMatchers("/webjars/**")
.antMatchers("/css/**")
.antMatchers("/fonts/**")
.antMatchers("/img/**")
.antMatchers("/js/**")
.antMatchers("/scripts/**")
;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.formLogin()
.loginPage("/login")
.permitAll()
.defaultSuccessUrl("/", true)
.failureUrl("/login?error=true")
.loginProcessingUrl("/j_spring_security_check")
.and()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.logout()
.invalidateHttpSession(true)
.logoutSuccessHandler(logoutSuccessHandlerService)
.logoutSuccessUrl("/login")
.permitAll()
.and()
.csrf().disable();
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
AppProperties.Security security = appProperties.getSecurity();
auth.inMemoryAuthentication()
.withUser(security.getUser())
.password(passwordEncoder().encode(security.getPassword()))
.roles(security.getRole());
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}LogoutSuccessHandlerService.java 扩展了简单URL注销成功处理程序
@Override
public void onLogoutSuccess(HttpServletRequest request,
HttpServletResponse response,
Authentication authentication) throws IOException, ServletException {
if (authentication != null) {
}
log.info("logout success");
setDefaultTargetUrl("/login");
super.onLogoutSuccess(request, response, authentication);
}application-local.yml
服务器:端口:8086小服务程序:会话:超时:2个月
1条答案
按热度按时间t1rydlwq1#
找到了一个解决方案。Spring安全无法解决它,我使用了JavaScript。此解决方案每分钟发送一次请求,如果响应数据不为空,则会发生重定向。它仅适用于浏览器中的一个登录用户。
页眉html页
登录控制器