spring-security Spring Security: automatically redirect to the login page after session timeout

s71maibg  posted on 2022-11-11  in  Spring

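I need to automatically redirect to the login page after the session times out, or at least show an alert that the session has expired. I tried configuring Spring Security, but it doesn't work: the debugger never reaches the code in LogoutSuccessHandlerService after the timeout. Maybe I am missing something, or is this approach with Spring Security wrong from the start? If so, can someone provide a complete working example for such a task? I am using Spring Boot 2.5.6, Spring Security, and the front end is HTML, JavaScript, jQuery and dataTable. Here is my code:
SecurityConfig.java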

private final AppProperties appProperties;

@Autowired
private LogoutSuccessHandlerService logoutSuccessHandlerService;

@Override
public void configure(WebSecurity web) {
    web.ignoring()
            .antMatchers("/static/**")
            .antMatchers("/webjars/**")
            .antMatchers("/css/**")
            .antMatchers("/fonts/**")
            .antMatchers("/img/**")
            .antMatchers("/js/**")
            .antMatchers("/scripts/**")
    ;
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .formLogin()
            .loginPage("/login")
            .permitAll()
            .defaultSuccessUrl("/", true)
            .failureUrl("/login?error=true")
            .loginProcessingUrl("/j_spring_security_check")
            .and()
            .authorizeRequests()
            .anyRequest().authenticated()
            .and()
            .logout()
            .invalidateHttpSession(true)
            .logoutSuccessHandler(logoutSuccessHandlerService)
            .logoutSuccessUrl("/login")
            .permitAll()
            .and()
            .csrf().disable();
}

@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
    AppProperties.Security security = appProperties.getSecurity();

    auth.inMemoryAuthentication()
            .withUser(security.getUser())
            .password(passwordEncoder().encode(security.getPassword()))
            .roles(security.getRole());
}

@Bean
public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
}

LogoutSuccessHandlerService.java extends SimpleUrlLogoutSuccessHandler

@Override
public void onLogoutSuccess(HttpServletRequest request,
                            HttpServletResponse response,
                            Authentication authentication) throws IOException, ServletException {
    if (authentication != null) {

    }
    log.info("logout success");
    setDefaultTargetUrl("/login");

    super.onLogoutSuccess(request, response, authentication);
}

application-local.yml
server:
  port: 8086
  servlet:
    session:
      timeout: 2m

t1rydlwq1#

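Found a solution. Spring Security couldn't solve it, so I used JavaScript. This solution sends a request every minute, and if the response data is not empty, a redirect happens. It only works for one logged-in user in the browser.
Header HTML page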

<script>
            setInterval(function() {
                $.ajax({
                    url: "/check-session",
                    method: "GET",
                    contentType: 'application/json; charset=utf-8',
                    success: function(data){
                        if (data && data.length > 0) {
                            window.location.replace("/login");
                        }
                    },
                    error: function (data) {
                        console.log("error");
                        console.log(data);
                    }
                })
            }, 60000);
    </script>

Login controller

@GetMapping("/check-session")
public ResponseEntity<String> checkSession() {
    return new ResponseEntity<>(HttpStatus.OK);
}
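
An added example, not part of the answer above: a client-side watcher that redirects without polling, since a request to an authenticated endpoint normally refreshes the session's last-accessed time on the server. It assumes the 2-minute timeout and `/login` page from the question; `looksLoggedOut` and `createSessionWatch` are hypothetical names.

```javascript
// Values taken from the question's configuration.
const LOGIN_PATH = "/login";
const SESSION_TIMEOUT_MS = 2 * 60 * 1000; // server.servlet.session.timeout: 2m

// True when a response shows the server no longer considers us logged in.
// res: { status, redirected, url } as exposed by a fetch() Response.
function looksLoggedOut(res) {
  if (res.status === 401) return true;
  // formLogin() answers an unauthenticated request with a redirect to the
  // login page; fetch/XHR follow it silently and report the final URL.
  if (res.redirected && res.url) {
    return new URL(res.url, "http://placeholder.invalid").pathname === LOGIN_PATH;
  }
  return false;
}

// Remembers the last response that came from the server and reports expiry
// locally, so no keep-alive request is sent. now() is injectable for tests.
function createSessionWatch({ timeoutMs = SESSION_TIMEOUT_MS, now = Date.now, onExpire }) {
  let lastServerContact = now();
  let expired = false;
  function expire(reason) {
    if (!expired) { expired = true; onExpire(reason); }
  }
  return {
    // Call for every response to the application's own AJAX requests.
    onResponse(res) {
      if (looksLoggedOut(res)) expire("server");
      else lastServerContact = now();
    },
    // Call from a timer; fires once the idle window has fully elapsed.
    tick() {
      if (now() - lastServerContact >= timeoutMs) expire("idle");
      return expired;
    },
  };
}

// Browser wiring (skipped when run outside a browser).
if (typeof window !== "undefined") {
  const watch = createSessionWatch({
    onExpire: () => window.location.replace(LOGIN_PATH),
  });
  setInterval(() => watch.tick(), 5000);
  window.sessionWatch = watch; // call sessionWatch.onResponse(res) after each fetch()
}
```

Activity in another tab extends the server session without this tab knowing, so the local timer can fire early; the redirect then lands on the login page while the session is still valid.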
