好得很程序员自学网

<tfoot draggable='sEl'></tfoot>

SpringBoot2.x设置Session失效时间及失效跳转方式

设置Session失效时间及失效跳转

?

1

2

#Session超时时间设置,单位是秒,默认是 30 分钟

  server.servlet.session.timeout= 10

然而并没有什么用,因为SpringBoot在TomcatServletWebServerFactory代码中写了这个

?

1

2

3

4

    private long getSessionTimeoutInMinutes() {

        Duration sessionTimeout = this .getSession().getTimeout();

        return this .isZeroOrLess(sessionTimeout) ? 0L : Math.max(sessionTimeout.toMinutes(), 1L);

    }

如果说某些人看不懂 Duration 这个类是什么,我不推荐你接着看下去了,因为没有什么帮助。

Session失效后如何跳转到Session失效地址

?

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

package cn.coreqi.security.config; 

import cn.coreqi.security.Filter.SmsCodeFilter;

import cn.coreqi.security.Filter.ValidateCodeFilter;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import org.springframework.security.crypto.password.NoOpPasswordEncoder;

import org.springframework.security.crypto.password.PasswordEncoder;

import org.springframework.security.web.authentication.AuthenticationFailureHandler;

import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration

public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired

    private AuthenticationSuccessHandler coreqiAuthenticationSuccessHandler;

    @Autowired

    private AuthenticationFailureHandler coreqiAuthenticationFailureHandler;

    @Autowired

    private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;

    @Bean

    public PasswordEncoder passwordEncoder(){

        return NoOpPasswordEncoder.getInstance();

    }

    @Override

    protected void configure(HttpSecurity http) throws Exception {

        ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter();

        validateCodeFilter.setAuthenticationFailureHandler(coreqiAuthenticationFailureHandler);

        SmsCodeFilter smsCodeFilter = new SmsCodeFilter();

        //http.httpBasic()    //httpBasic登录 BasicAuthenticationFilter

        http.addFilterBefore(smsCodeFilter, UsernamePasswordAuthenticationFilter. class )     //加载用户名密码过滤器的前面

                .addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter. class )     //加载用户名密码过滤器的前面

                .formLogin()     //表单登录 UsernamePasswordAuthenticationFilter

                    .loginPage( "/coreqi-signIn.html" )   //指定登录页面

                    //.loginPage("/authentication/require")

                    .loginProcessingUrl( "/authentication/form" ) //指定表单提交的地址用于替换UsernamePasswordAuthenticationFilter默认的提交地址

                    .successHandler(coreqiAuthenticationSuccessHandler) //登录成功以后要用我们自定义的登录成功处理器,不用Spring默认的。

                    .failureHandler(coreqiAuthenticationFailureHandler) //自己体会把

                .and()

                .sessionManagement()

                    .invalidSessionUrl( "session/invalid" )     //session过期后跳转的URL

                .and()

                .authorizeRequests()     //对授权请求进行配置

                    .antMatchers( "/coreqi-signIn.html" , "/code/image" , "/session/invalid" ).permitAll() //指定登录页面不需要身份认证

                    .anyRequest().authenticated()   //任何请求都需要身份认证

                    .and().csrf().disable()     //禁用CSRF

                .apply(smsCodeAuthenticationSecurityConfig);

            //FilterSecurityInterceptor 整个SpringSecurity过滤器链的最后一环

    }

}

?

1

2

3

4

5

6

    @GetMapping ( "/session/invalid" )

    @ResponseStatus (code = HttpStatus.UNAUTHORIZED)

    public SimpleResponse sessionInvalid(){

        String message = "session失效" ;

        return new SimpleResponse(message);

    }

设置Session失效的几种方式

如果是1.5.6版本

这里可以在application中加上bean文件

?

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

package com.example.demo;

import org.springframework.boot.SpringApplication;

import org.springframework.boot.autoconfigure.SpringBootApplication;

import org.springframework.boot.context.embedded.ConfigurableEmbeddedServletContainer;

import org.springframework.boot.context.embedded.EmbeddedServletContainerCustomizer;

import org.springframework.context.annotation.Bean;

@SpringBootApplication

public class DemoApplication {undefined

public static void main(String[] args) {

     SpringApplication.run(DemoApplication. class , args);

}

//设置session过期时间

@Bean

public EmbeddedServletContainerCustomizer containerCustomizer() {

     return new EmbeddedServletContainerCustomizer() {

         public void customize(ConfigurableEmbeddedServletContainer container) {

             container.setSessionTimeout( 7200 ); // 单位为S

         }

     };

}

}

还可以设置

application.yml

?

1

2

3

4

5

server:

port: 8081

servlet:

session:

timeout: 60s

?

1

2

3

4

5

6

7

8

9

10

11

@RestController

public class HelloController {undefined

@PostMapping ( "test" )

public Integer getTest( @RequestParam ( "nyy" )String nn, HttpServletRequest httpServletRequest ){

     HttpSession session = httpServletRequest.getSession();

    session.setMaxInactiveInterval( 60 );

     int maxInactiveInterval = session.getMaxInactiveInterval();

     long lastAccessedTime = session.getLastAccessedTime();

     return maxInactiveInterval;

}

}

以上为个人经验,希望能给大家一个参考,也希望大家多多支持。

原文链接:https://www.cnblogs.com/fanqisoft/p/10658070.html

查看更多关于SpringBoot2.x设置Session失效时间及失效跳转方式的详细内容...

声明:本文来自网络,不代表【好得很程序员自学网】立场,转载请注明出处:http://www.haodehen.cn/did194281
  阅读:27次

上一篇: Java中的随机数Random

下一篇:SpringBoot下实现session保持方式

相关资讯