您好,登录后才能下订单哦!
密码登录
登录注册
点击 登录注册 即表示同意《亿速云用户服务条款》
这篇文章给大家分享的是有关SpringBoot2.x如何设置Session失效时间及失效跳转的内容。小编觉得挺实用的,因此分享给大家做个参考,一起跟随小编过来看看吧。
#Session超时时间设置,单位是秒,默认是30分钟 server.servlet.session.timeout=10
然而并没有什么用,因为SpringBoot在TomcatServletWebServerFactory代码中写了这个
private long getSessionTimeoutInMinutes() { Duration sessionTimeout = this.getSession().getTimeout(); return this.isZeroOrLess(sessionTimeout) ? 0L : Math.max(sessionTimeout.toMinutes(), 1L); }
如果说某些人看不懂 Duration 这个类是什么,我不推荐你接着看下去了,因为没有什么帮助。
package cn.coreqi.security.config; import cn.coreqi.security.Filter.SmsCodeFilter; import cn.coreqi.security.Filter.ValidateCodeFilter; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.password.NoOpPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.authentication.AuthenticationFailureHandler; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; @Configuration public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private AuthenticationSuccessHandler coreqiAuthenticationSuccessHandler; @Autowired private AuthenticationFailureHandler coreqiAuthenticationFailureHandler; @Autowired private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig; @Bean public PasswordEncoder passwordEncoder(){ return NoOpPasswordEncoder.getInstance(); } @Override protected void configure(HttpSecurity http) throws Exception { ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter(); validateCodeFilter.setAuthenticationFailureHandler(coreqiAuthenticationFailureHandler); SmsCodeFilter smsCodeFilter = new SmsCodeFilter(); //http.httpBasic() //httpBasic登录 BasicAuthenticationFilter http.addFilterBefore(smsCodeFilter, UsernamePasswordAuthenticationFilter.class) //加载用户名密码过滤器的前面 .addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class) //加载用户名密码过滤器的前面 .formLogin() //表单登录 UsernamePasswordAuthenticationFilter .loginPage("/coreqi-signIn.html") //指定登录页面 //.loginPage("/authentication/require") .loginProcessingUrl("/authentication/form") //指定表单提交的地址用于替换UsernamePasswordAuthenticationFilter默认的提交地址 .successHandler(coreqiAuthenticationSuccessHandler) //登录成功以后要用我们自定义的登录成功处理器,不用Spring默认的。 .failureHandler(coreqiAuthenticationFailureHandler) //自己体会把 .and() .sessionManagement() .invalidSessionUrl("session/invalid") //session过期后跳转的URL .and() .authorizeRequests() //对授权请求进行配置 .antMatchers("/coreqi-signIn.html","/code/image","/session/invalid").permitAll() //指定登录页面不需要身份认证 .anyRequest().authenticated() //任何请求都需要身份认证 .and().csrf().disable() //禁用CSRF .apply(smsCodeAuthenticationSecurityConfig); //FilterSecurityInterceptor 整个SpringSecurity过滤器链的最后一环 } }
@GetMapping("/session/invalid") @ResponseStatus(code = HttpStatus.UNAUTHORIZED) public SimpleResponse sessionInvalid(){ String message = "session失效"; return new SimpleResponse(message); }
这里可以在application中加上bean文件
package com.example.demo; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.context.embedded.ConfigurableEmbeddedServletContainer; import org.springframework.boot.context.embedded.EmbeddedServletContainerCustomizer; import org.springframework.context.annotation.Bean; @SpringBootApplication public class DemoApplication {undefined public static void main(String[] args) { SpringApplication.run(DemoApplication.class, args); } //设置session过期时间 @Bean public EmbeddedServletContainerCustomizer containerCustomizer() { return new EmbeddedServletContainerCustomizer() { public void customize(ConfigurableEmbeddedServletContainer container) { container.setSessionTimeout(7200);// 单位为S } }; } }
application.yml
server: port: 8081 servlet: session: timeout: 60s
@RestController public class HelloController {undefined @PostMapping("test") public Integer getTest(@RequestParam("nyy")String nn, HttpServletRequest httpServletRequest ){ HttpSession session = httpServletRequest.getSession(); session.setMaxInactiveInterval(60); int maxInactiveInterval = session.getMaxInactiveInterval(); long lastAccessedTime = session.getLastAccessedTime(); return maxInactiveInterval; } }
感谢各位的阅读!关于“SpringBoot2.x如何设置Session失效时间及失效跳转”这篇文章就分享到这里了,希望以上内容可以对大家有一定的帮助,让大家可以学到更多知识,如果觉得文章不错,可以把它分享出去让更多的人看到吧!
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。