SpringBoot2.x设置Session失效时间及失效跳转方式

SpringBoot2.x设置Session失效时间及失效跳转方式

目录设置Session失效时间及失效跳转Session失效后如何跳转到Session失效地址设置Session失效的几种方式如果是1.5.6版本还可以设置

设置Session失效时间及失效跳转

#Session超时时间设置，单位是秒，默认是30分钟

server.servlet.session.timeout=10

然而并没有什么用，因为SpringBoot在TomcatServletWebServerFactory代码中写了这个

private long getSessionTimeoutInMinutes() {

Duration sessionTimeout = this.getSession().getTimeout();

return this.isZeroOrLess(sessionTimeout) ? 0L : Math.max(sessionTimeout.toMinutes(), 1L);

}

如果说某些人看不懂 Duration 这个类是什么，我不推荐你接着看下去了，因为没有什么帮助。

Session失效后如何跳转到Session失效地址

package cn.coreqi.security.config;

import cn.coreqi.security.Filter.SmsCodeFilter;

import cn.coreqi.security.Filter.ValidateCodeFilter;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import org.springframework.security.crypto.password.NoOpPasswordEncoder;

import org.springframework.security.crypto.password.PasswordEncoder;

import org.springframework.security.web.authentication.AuthenticationFailureHandler;

import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration

public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired

private AuthenticationSuccessHandler coreqiAuthenticationSuccessHandler;

@Autowired

private AuthenticationFailureHandler coreqiAuthenticationFailureHandler;

@Autowired

private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;

@Bean

public PasswordEncoder passwordEncoder(){

return NoOpPasswordEncoder.getInstance();

}

@Override

protected void configure(HttpSecurity http) throws Exception {

ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter();

validateCodeFilter.setAuthenticationFailureHandler(coreqiAuthenticationFailureHandler);

SmsCodeFilter smsCodeFilter = new SmsCodeFilter();

//http.httpBasic() //httpBasic登录 BasicAuthenticationFilter

http.addFilterBefore(smsCodeFilter, UsernamePasswordAuthenticationFilter.class) //加载用户名密码过滤器的前面

.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class) //加载用户名密码过滤器的前面

.formLogin() //表单登录 UsernamePasswordAuthenticationFilter

.loginPage("/coreqi-signIn.html") //指定登录页面

//.loginPage("/authentication/require")

.loginProcessingUrl("/authentication/form") //指定表单提交的地址用于替换UsernamePasswordAuthenticationFilter默认的提交地址

.successHandler(coreqiAuthenticationSuccessHandler) //登录成功以后要用我们自定义的登录成功处理器，不用Spring默认的。

.failureHandler(coreqiAuthenticationFailureHandler) //自己体会把

.and()

.sessionManagement()

.invalidSessionUrl("session/invalid") //session过期后跳转的URL

.and()

.authorizeRequests() //对授权请求进行配置

.antMatchers("/coreqi-signIn.html","/code/image","/session/invalid").permitAll() //指定登录页面不需要身份认证

.anyRequest().authenticated() //任何请求都需要身份认证

.and().csrf().disable() //禁用CSRF

.apply(smsCodeAuthenticationSecurityConfig);

//FilterSecurityInterceptor 整个SpringSecurity过滤器链的最后一环

}

}

@GetMapping("/session/invalid")

@ResponseStatus(code = HttpStatus.UNAUTHORIZED)

public SimpleResponse sessionInvalid(){

String message = "session失效";

return new SimpleResponse(message);

}

设置Session失效的几种方式

如果是1.5.6版本

这里可以在application中加上bean文件

package com.example.demo;

import org.springframework.boot.SpringApplication;

import org.springframework.boot.autoconfigure.SpringBootApplication;

import org.springframework.boot.context.embedded.ConfigurableEmbeddedServletContainer;

import org.springframework.boot.context.embedded.EmbeddedServletContainerCustomizer;

import org.springframework.context.annotation.Bean;

@SpringBootApplication

public class DemoApplication {undefined

public static void main(String[] args) {

SpringApplication.run(DemoApplication.class, args);

}

//设置session过期时间

@Bean

public EmbeddedServletContainerCustomizer containerCustomizer() {

return new EmbeddedServletContainerCustomizer() {

public void customize(ConfigurableEmbeddedServletContainer container) {

container.setSessionTimeout(7200);// 单位为S

}

};

}

}

还可以设置

application.yml

server:

port: 8081

servlet:

session:

timeout: 60s

@RestController

public class HelloController {undefined

@PostMapping("test")

public Integer getTest(@RequestParam("nyy")String nn, HttpServletRequest httpServletRequest ){

HttpSession session = httpServletRequest.getSession();

session.setMaxInactiveInterval(60);

int maxInactiveInterval = session.getMaxInactiveInterval();

long lastAccessedTime = session.getLastAccessedTime();

return maxInactiveInterval;

}

}

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。