How to set a custom invalid session strategy in Spring Security

心在旅途 2021-01-05 09:06

I'm developing a web application, based on Spring-Boot - 1.1.6, Spring-Security - 3.2.5 and more.

I'm using Java based configuration:

@Configuratio         


        
3 answers
  •  渐次进展
    2021-01-05 09:52

    Using SpringBoot this works for me:

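    import javax.servlet.Filter;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
    import org.springframework.security.web.session.SessionManagementFilter;

    @Configuration
    @EnableWebSecurity
    public class UISecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // ...
            // Register an extra SessionManagementFilter after the default one.
            http.addFilterAfter(expiredSessionFilter(), SessionManagementFilter.class);
            // ...
        }

        private Filter expiredSessionFilter() {
            SessionManagementFilter smf = new SessionManagementFilter(new HttpSessionSecurityContextRepository());
            // Custom invalid session strategy: answer with 401 when the requested session id is no longer valid.
            smf.setInvalidSessionStrategy((request, response) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Session go BOOM!"));
            return smf;
        }
    }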
    
