发表新帖
发表新帖

Spring-boot Spring-Security session timeout

后端 未结
关注
5 614
长发绾君心
长发绾君心 2020-12-09 05:52

UPDATED QUESTION:

I have a spring-boot 1.1.3.RELEASE project that is using EmbeddedTomcat and Spring-Security. I posted this a while back

5条回答
  • 温柔的废话
    温柔的废话 (楼主)
    2020-12-09 06:07

    I suggest you take a look at this which explains how to modify the embedded tomcat. Instead of trying to bootstrap your own container let spring boot do that and use a EmbeddedServletContainerCustomizer to modify what you need. 

    public class SessionTimeoutEmbeddedServletContainerCustomizer implements EmbeddedServletContainerCustomizer {
    @Override
    public void customize(ConfigurableEmbeddedServletContainer configurableEmbeddedServletContainer) {
        TomcatEmbeddedServletContainerFactory tomcat = (TomcatEmbeddedServletContainerFactory) configurableEmbeddedServletContainer;
        tomcat.setSessionTimeout(30, TimeUnit.MINUTES);
        tomcat.addErrorPages(new ErrorPage(HttpStatus.NOT_FOUND, "/notfound.html"));
    }
}

    Then remove your container from the configuration and replace it with a @Bean method constructing this customizer. (I would probably add it as a @Bean method to the starter class, that way you have everything related to bootstrapping the application in one class!). 

    @Configuration
public class OFAConfiguration {

    @Bean
    public EmbeddedServletContainerCustomizer servletContainerCustomizer() {
        return new SessionTimeoutEmbeddedServletContainerCustomizer();
    }
}

    The advantage of this is that Spring Boot still does all its magic with the servlet container and you only modify what is needed.

    Some other things I noticed first your dependencies are a bit of a mess and your configuration contains to much.

    Dependencies

    1. You are mxing Spring Boot 1.0.1 and 1.1.1 and probably also 1.1.3, fix this mixture to prevent weird dependency issues.
    2. YOu include spring-orm version 4.0.0.RC1 whilst this is already on version 4.0.5 and provided by the spring-boot-starter-data-jpa dependency, remove it.

    Configuration

    Your configuration contains multiple @EnableJpaRepositories which you can remove as Spring Boot detects the presence of Spring Data JPA and will enable this for you as well as the @EnableTransactionManagement

    Your main class extends WebMvcConfigurerAdapter which shouldn't be needed as this is also detected and configured by Spring Boot. 

    @ComponentScan
@EnableAutoConfiguration
@EnableGlobalMethodSecurity(securedEnabled = true)
public class OFAC {
    public static void main(String[] args) {
        ApplicationContext ofac = SpringApplication.run( OFAC.class, args );
    }
}

    This should be all you need for your starter class.

    0 讨论(0)
 看不清?
提交回复
热议问题