Java Spring security没有'；t在会话超时后重定向到上次请求的页面登录_Java_Spring_Jakarta Ee_Spring Security

Java Spring security没有'；t在会话超时后重定向到上次请求的页面登录

java spring jakarta-ee spring-security

Java Spring security没有'；t在会话超时后重定向到上次请求的页面登录,java,spring,jakarta-ee,spring-security,Java,Spring,Jakarta Ee,Spring Security,我在应用程序中使用了SpringSecurity4.2.2.Release。一旦超时发生，然后用户单击任何URL，它将被重定向到注销页面，一旦身份验证成功，它将重定向到默认主页，而不是请求的页面 web xml如下所示： <bean id="logoutSuccessHandler" class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">

我在应用程序中使用了SpringSecurity4.2.2.Release。一旦超时发生，然后用户单击任何URL，它将被重定向到注销页面，一旦身份验证成功，它将重定向到默认主页，而不是请求的页面

web xml如下所示：

<bean id="logoutSuccessHandler"
         class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
         <property name="useReferer" value="true"/>
     </bean>


    <security:form-login
            login-page="/login"
            authentication-failure-url="/login_error"
            username-parameter="username"
            password-parameter="password"
            default-target-url="/home"
            always-use-default-target="false"
            />

一旦验证正确，我希望它重定向到请求的页面。我已经读到，Spring Security默认提供了此功能。但它不起作用，所以我尝试使用SimpleAllogoutsAccessHandler实现。但还是找不到解决办法。那么这里会出什么问题呢？

好吧，您需要实现

SimpleRuthenticationSuccessHandler

。这将帮助您处理重定向

    <http>
    <intercept-url pattern="/login" access="permitAll"/>
    <intercept-url pattern="/**" access="isAuthenticated()"/>
    <form-login authentication-success-handler-ref="refererHandler" />
</http>

<beans:bean
  class="RefererRedirectionAuthenticationSuccessHandler"
  name="refererHandler"/>

首先启用并发会话控制支持是在

web.xml

中添加以下侦听器：

<listener>
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
  </listener>

  <session-config>
    <session-timeout>30</session-timeout>
  </session-config>

对应的Java代码：

@Audit(option = "Session Expire", action = "Session Expired")
    @RequestMapping(value = "/sessionexpiredPage.htm")
    public ModelAndView sessionExpired(HttpSession session, HttpServletRequest request) {
        clLogger.logMethodEntry("sessionexpiredPage");
        ModelAndView model = new ModelAndView();
        String userId = (String) session.getAttribute("USER_ID");
        if(userId == null) {
            model.setViewName("sessionexpiredPage");
        }else {
            model.setViewName("getHomePage");
        }
        clLogger.logMethodExit("sessionexpiredPage");
        return model;

    }

我这么做了，但还是不行。这不需要重写“configure（HttpSecurity-http）”方法吗？

<session-management invalid-session-url="/sessionexpiredPage.htm" session-authentication-error-url="/forms/common/login.jsp?error=alreadyLoggedin" session-fixation-protection="none" >
            <concurrency-control expired-url="/sessionexpiredPage.htm" max-sessions="5" error-if-maximum-exceeded="true"  />
        </session-management>

@Audit(option = "Session Expire", action = "Session Expired")
    @RequestMapping(value = "/sessionexpiredPage.htm")
    public ModelAndView sessionExpired(HttpSession session, HttpServletRequest request) {
        clLogger.logMethodEntry("sessionexpiredPage");
        ModelAndView model = new ModelAndView();
        String userId = (String) session.getAttribute("USER_ID");
        if(userId == null) {
            model.setViewName("sessionexpiredPage");
        }else {
            model.setViewName("getHomePage");
        }
        clLogger.logMethodExit("sessionexpiredPage");
        return model;

    }