Spring Boot session timeout

前端未结

关注

 7  2079

隐瞒了意图╮ 2020-12-31 06:28

server.session-timeout seems to be working only for embedded tomcat.

I put a log statement to check the session max interval time. After deploying the

7条回答

既然无缘 (楼主)

2020-12-31 07:09

[Just in case someone finds this useful]

If you're using Spring Security you can extend the SimpleUrlAuthenticationSuccessHandler class and set the session timeout in the authentication success handler:

public class NoRedirectSavedRequestAwareAuthenticationSuccessHandler
       extends SimpleUrlAuthenticationSuccessHandler {

    public final Integer SESSION_TIMEOUT_IN_SECONDS = 60 * 30;

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
                                        HttpServletResponse response,
                                        Authentication authentication)
                                        throws ServletException, IOException {

        request.getSession().setMaxInactiveInterval(SESSION_TIMEOUT_IN_SECONDS);

        // ...
    }


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .anyRequest()
            .authenticated()
            .and()
            .formLogin()
            .loginProcessingUrl("/login")
            .successHandler(new NoRedirectSavedRequestAwareAuthenticationSuccessHandler())
            .failureHandler(new SimpleUrlAuthenticationFailureHandler())
            .and().httpBasic();
    }

}

0 讨论(0)

查看其它7个回答