Java Spring security没有';t在会话超时后重定向到上次请求的页面登录
我在应用程序中使用了SpringSecurity4.2.2.Release。一旦超时发生,然后用户单击任何URL,它将被重定向到注销页面,一旦身份验证成功,它将重定向到默认主页,而不是请求的页面 web xml如下所示:Java Spring security没有';t在会话超时后重定向到上次请求的页面登录,java,spring,jakarta-ee,spring-security,Java,Spring,Jakarta Ee,Spring Security,我在应用程序中使用了SpringSecurity4.2.2.Release。一旦超时发生,然后用户单击任何URL,它将被重定向到注销页面,一旦身份验证成功,它将重定向到默认主页,而不是请求的页面 web xml如下所示: <bean id="logoutSuccessHandler" class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
<bean id="logoutSuccessHandler"
class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
<property name="useReferer" value="true"/>
</bean>
<security:form-login
login-page="/login"
authentication-failure-url="/login_error"
username-parameter="username"
password-parameter="password"
default-target-url="/home"
always-use-default-target="false"
/>
一旦验证正确,我希望它重定向到请求的页面。我已经读到,Spring Security默认提供了此功能。但它不起作用,所以我尝试使用SimpleAllogoutsAccessHandler实现。但还是找不到解决办法。那么这里会出什么问题呢?好吧,您需要实现
SimpleRuthenticationSuccessHandler
。这将帮助您处理重定向
<http>
<intercept-url pattern="/login" access="permitAll"/>
<intercept-url pattern="/**" access="isAuthenticated()"/>
<form-login authentication-success-handler-ref="refererHandler" />
</http>
<beans:bean
class="RefererRedirectionAuthenticationSuccessHandler"
name="refererHandler"/>
首先启用并发会话控制支持是在
web.xml
中添加以下侦听器:
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
对应的Java代码:
@Audit(option = "Session Expire", action = "Session Expired")
@RequestMapping(value = "/sessionexpiredPage.htm")
public ModelAndView sessionExpired(HttpSession session, HttpServletRequest request) {
clLogger.logMethodEntry("sessionexpiredPage");
ModelAndView model = new ModelAndView();
String userId = (String) session.getAttribute("USER_ID");
if(userId == null) {
model.setViewName("sessionexpiredPage");
}else {
model.setViewName("getHomePage");
}
clLogger.logMethodExit("sessionexpiredPage");
return model;
}
我这么做了,但还是不行。这不需要重写“configure(HttpSecurity-http)”方法吗?
<session-management invalid-session-url="/sessionexpiredPage.htm" session-authentication-error-url="/forms/common/login.jsp?error=alreadyLoggedin" session-fixation-protection="none" >
<concurrency-control expired-url="/sessionexpiredPage.htm" max-sessions="5" error-if-maximum-exceeded="true" />
</session-management>
@Audit(option = "Session Expire", action = "Session Expired")
@RequestMapping(value = "/sessionexpiredPage.htm")
public ModelAndView sessionExpired(HttpSession session, HttpServletRequest request) {
clLogger.logMethodEntry("sessionexpiredPage");
ModelAndView model = new ModelAndView();
String userId = (String) session.getAttribute("USER_ID");
if(userId == null) {
model.setViewName("sessionexpiredPage");
}else {
model.setViewName("getHomePage");
}
clLogger.logMethodExit("sessionexpiredPage");
return model;
}