Fatal编程技术网
  • java/
  • Java 如何使用Spring3.2在会话超时时重定向到登录页面

Java 如何使用Spring3.2在会话超时时重定向到登录页面

java spring session

Java 如何使用Spring3.2在会话超时时重定向到登录页面,java,spring,session,Java,Spring,Session,我在我的安全上下文中有以下配置 <global-method-security pre-post-annotations="enabled" secured-annotations="enabled"> <!-- <expression-handler ref="expressionHandler"/> --> </global-method-security> <security:http pattern="/pages/

我在我的安全上下文中有以下配置

<global-method-security pre-post-annotations="enabled"
    secured-annotations="enabled">
    <!-- <expression-handler ref="expressionHandler"/> -->
</global-method-security>

<security:http pattern="/pages/common/UnAuthorized.html*"
    security="none" />
<security:http pattern="/resources/images/*" security="none" />
<security:http pattern="/Logout.html*"
    security="none" />
<security:http pattern="/SessionTimeout.html*"
    security="none" />

<security:http auto-config="false" use-expressions="true"
    entry-point-ref="http403EntryPoint">
    <security:intercept-url pattern="/**"
        access="fullyAuthenticated" />
    <security:custom-filter position="PRE_AUTH_FILTER"
        ref="siteminderFilter" />
    <security:logout delete-cookies="JSESSIONID,SMSESSION"
        invalidate-session="true" logout-url="/logout" logout-success-url="/Logout.html" />
    <security:session-management
        invalid-session-url="/SessionTimeout.html">
         <security:concurrency-control expired-url="/pages/common/SessionTimeout.html" />
    </security:session-management>
</security:http>

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider
        ref="customAuthenticationProvider">
    </security:authentication-provider>
</security:authentication-manager>

<beans:bean id="sessionRegistry"
    class="org.springframework.security.core.session.SessionRegistryImpl" />
<beans:bean id="http403EntryPoint"
    class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />
并在web.xml中注册了一个事件以及会话超时配置

<session-config>
    <session-timeout>2</session-timeout>
    <cookie-config>
        <http-only>true</http-only>
        <secure>true</secure>
    </cookie-config>
    <tracking-mode>COOKIE</tracking-mode>
</session-config>

<listener>
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<filter>
    <filter-name>localDeploymentFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
 <filter>
 <filter-name>springSecurityFilterChain</filter-name>
<filter-class>
              org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<servlet>
 <servlet-name>spring-dispatcher</servlet-name>
  <servlet-class>
        org.springframework.web.servlet.DispatcherServlet
    </servlet-class>
  <load-on-startup>1</load-on-startup>
</servlet>


2.
真的
真的
曲奇
org.springframework.security.web.session.HttpSessionEventPublisher
localDeploymentFilter
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
春季调度员
org.springframework.web.servlet.DispatcherServlet
1.
我不确定我在这里错过了什么。但是url没有被重定向到sessiontimeout页面

当我尝试调试springs代码时,我看到只调用了“RegisterSessionAuthenticationStrategy”,并且使用现有会话创建了新会话。我期待一些代码将重定向到会话到期URL。但是我在调试过程中没有发现任何错误

更新:
我使用Angular JS(单页应用程序),我们的应用程序没有登录屏幕。通过siteminder登录。

这可能会对您有所帮助。我是Spring新手,我们不使用Spring MVC。你能告诉我我是否还能用这个代码吗?这可能会对你有所帮助。我是Spring新手,我们不使用SpringMVC。你能告诉我我是否还能用这个密码吗?