Java Spring Security redirects to the invalid session URL on a fresh application start
I have just configured session management in my web application, but Spring keeps redirecting to the invalid session URL specified in the session management. This happens when I launch the contextPath in the browser, before I have tried to log in or had a session expire.
Here is my configuration:
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd">
    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/login*" access="permitAll" />
        <intercept-url pattern="/styles/calvary.css" access="permitAll" />
        <intercept-url pattern="/styles/vendor/foundation.min.css" access="permitAll" />
        <intercept-url pattern="/styles/vendor/normalize.css" access="permitAll" />
        <intercept-url pattern="/styles/fonts/gothic.eot" access="permitAll" />
        <intercept-url pattern="/styles/fonts/gothic.woff" access="permitAll" />
        <intercept-url pattern="/styles/fonts/gothic.ttf" access="permitAll" />
        <intercept-url pattern="/scripts/vendor/vendor/modernizr.js" access="permitAll" />
        <intercept-url pattern="/scripts/vendor/vendor/jquery.js" access="permitAll" />
        <intercept-url pattern="/scripts/vendor/foundation/foundation.min.js" access="permitAll" />
        <intercept-url pattern="/scripts/vendor/foundation/foundation.abide.js" access="permitAll" />
        <intercept-url pattern="/scripts/calvary.js" access="permitAll" />
        <intercept-url pattern="/images/lg.png" access="permitAll" />
        <intercept-url pattern="/images/red_indicator.gif" access="permitAll" />
        <intercept-url pattern="/**" access="isAuthenticated()" />
        <form-login login-page="/login" default-target-url="/index" authentication-failure-url="/login?error" username-parameter="username" password-parameter="password" />
        <logout logout-success-url="/login?logout" invalidate-session="false" delete-cookies="JSESSIONID"/>
        <csrf/>
        <session-management session-authentication-error-url="/login?expire=3" invalid-session-url="/login?expire=3" session-fixation-protection="migrateSession">
            <concurrency-control error-if-maximum-exceeded="true" max-sessions="1" expired-url="/login?expire"/>
        </session-management>
    </http>
    <authentication-manager>
        <authentication-provider ref="calvaryLogger"/>
    </authentication-manager>
    <beans:bean name="calvaryLogger" class="com.apr.authenticator.CalvaryLogger" />
</beans:beans>
I would greatly appreciate your help.
Thanks
Edit
Below is my web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
    <servlet>
        <servlet-name>dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>2</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>1</session-timeout>
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>
    <welcome-file-list>
        <welcome-file>redirect.jsp</welcome-file>
    </welcome-file-list>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/applicationContext.xml
            /WEB-INF/spring-security.xml
        </param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <listener>
        <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    </listener>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <error-page>
        <error-code>404</error-code>
        <location>/WEB-INF/viewList/404.html</location>
    </error-page>
</web-app>
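It seems there is an error in creating the session. Please map your configuration to the application.
I know this question was asked a long time ago, but I ran into this problem recently.
Once a user logs out and logs back in, Spring Security seems to treat my session as invalid and always directs me to whatever the invalid session URL is set to.
I simply removed this setting from the XML and the problem went away.
So, instead of: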
<session-management session-authentication-error-url="/login?expire=3" invalid-session-url="/login?expire=3" session-fixation-protection="migrateSession">
    <concurrency-control error-if-maximum-exceeded="true" max-sessions="1" expired-url="/login?expire"/>
</session-management>
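Try:
<session-management session-authentication-error-url="/login?expire=3" session-fixation-protection="migrateSession">
    <concurrency-control error-if-maximum-exceeded="true" max-sessions="1" expired-url="/login?expire"/>
</session-management>
Can you post the error stack trace for the above scenario?
There is no error stack trace. It's driving you to the invalid URL?
invalid-session-url="/login?expire=3", whereas this is a fresh launch attempt, before the user has tried to log in.
Did you configure the Spring Security filter?
Seems there's no way out! I had to remove invalidSessionUrl.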
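Why removing the attribute changes the behaviour, as an added example that is not from the original posts or from Spring Security's source: a simplified, self-contained model of the invalid-session check, assuming it fires for any unauthenticated request whose JSESSIONID cookie names a session the container no longer holds. The class, method names and session ids are hypothetical; the URL and the 1-minute timeout come from the configuration above.

```java
import java.util.HashSet;
import java.util.Set;

// Simplified model of the invalid-session check (added example, not Spring source).
public class InvalidSessionDemo {

    // Value taken from the page's <session-management> element.
    static final String INVALID_SESSION_URL = "/login?expire=3";

    // Session ids the servlet container still holds (constructed sample state).
    static final Set<String> LIVE_SESSIONS = new HashSet<>();

    // Returns the redirect target, or null when the request continues down the
    // filter chain (an anonymous user then reaches the normal login page).
    // cookieSessionId: JSESSIONID value sent by the browser, null if none.
    // invalidSessionUrl: configured invalid-session-url, null if the attribute is absent.
    static String decide(String cookieSessionId, boolean authenticated, String invalidSessionUrl) {
        if (authenticated) {
            return null; // an established login is not re-checked here
        }
        boolean staleId = cookieSessionId != null && !LIVE_SESSIONS.contains(cookieSessionId);
        if (staleId && invalidSessionUrl != null) {
            return invalidSessionUrl; // redirected before any login attempt is made
        }
        return null;
    }

    static void show(String label, String target) {
        System.out.println(label + " -> "
                + (target == null ? "continue down the filter chain" : "redirect to " + target));
    }

    public static void main(String[] args) {
        LIVE_SESSIONS.add("A1B2"); // constructed id of a session that is still alive

        // Clean browser: no JSESSIONID cookie is sent at all.
        show("no cookie", decide(null, false, INVALID_SESSION_URL));
        // Browser kept a cookie from a session that timed out (the page sets
        // session-timeout to 1 minute) or that predates a redeploy.
        show("stale cookie", decide("OLD9", false, INVALID_SESSION_URL));
        // Same stale cookie after the answer's change: attribute removed.
        show("stale cookie, attribute removed", decide("OLD9", false, null));
        // Cookie that still names a live session.
        show("live cookie", decide("A1B2", false, INVALID_SESSION_URL));
    }
}
```

The decision depends on the cookie the browser sends, not on whether the user has ever logged in, so under this model a first visit with a leftover cookie is enough to trigger the redirect.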