Java: Session does not exist in Spring

I am developing an application with Spring Boot. I want to display the logged-in user's "name and image", so I use the session to pass the name and image after authentication. This works if a user enters their credentials (on the login page), or if a logged-in user types the URL directly (www.abc.com/this/URL) within a few minutes. But after a few minutes the session name and image are not visible (the session has expired), yet other functionality is still working with that session. My code is:
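import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
// User and UserService are the application's own classes (packages not shown in the post).

@Component
public class SecurityHandler implements AuthenticationSuccessHandler {

    @Autowired
    private UserService userService;

    // Called once after a successful form login; stores display data in the HTTP session.
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        HttpSession session = request.getSession();
        String userName = null;
        Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        if (principal instanceof UserDetails) {
            userName = ((UserDetails) principal).getUsername();
        } else {
            userName = principal.toString();
        }
        User user = userService.findBySSO(userName);
        session.setAttribute("userName", user.getFirstName());
        session.setAttribute("imgPathh", user.getImagePath());
        response.sendRedirect(request.getContextPath() + "/dashboard/index");
    }
}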
Common JSP page:
<h2><c:out value="${userName }"></c:out></h2>
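This is called session timeout. Once the session times out or expires, that's it. The user no longer has any session on the server. The user has to log in again.

If you want the session to stay alive longer, try changing the session timeout.

Are you using spring security? What is your security configuration?

Try setting the session timeout in web.xml.

@VPK Yes, I have updated my code here, please check.

What do you mean by "but other functionality is working with that session"? Is it only userName and imgpath that are unavailable in the session?

Please take a look at the following: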
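import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    @Qualifier("customUserDetailsService")
    UserDetailsService userDetailsService;

    @Autowired
    PersistentTokenRepository tokenRepository;

    @Autowired
    SecurityHandler securityHandler;

    @Autowired
    HttpSession session;

    @Autowired
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
        auth.authenticationProvider(authenticationProvider());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers() // antMatchers (arguments not shown in the post)
            // securityHandler is registered as the success handler of the form login only
            .and().formLogin().loginPage("/login").successHandler(securityHandler).loginProcessingUrl("/login").usernameParameter("ssoId").passwordParameter("password")
            // remember-me token stays valid for 86400 seconds (one day)
            .and().rememberMe().rememberMeParameter("remember-me").tokenRepository(tokenRepository)
            .tokenValiditySeconds(86400).and().csrf().and().exceptionHandling().accessDeniedPage("/Access_Denied")
            .and()
            .sessionManagement().sessionFixation().migrateSession()
            .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED); // options: ALWAYS, IF_REQUIRED, NEVER, STATELESS
        http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl("/login")
            .invalidateHttpSession(true)
            .permitAll();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
        authenticationProvider.setUserDetailsService(userDetailsService);
        authenticationProvider.setPasswordEncoder(passwordEncoder());
        authenticationProvider.setHideUserNotFoundExceptions(false);
        System.out.println("Error in DaoAuthenticationProvider");
        return authenticationProvider;
    }

    @Bean
    public PersistentTokenBasedRememberMeServices getPersistentTokenBasedRememberMeServices() {
        PersistentTokenBasedRememberMeServices tokenBasedservice = new PersistentTokenBasedRememberMeServices(
                "remember-me", userDetailsService, tokenRepository);
        System.out.println("Error in PersistentTokenBasedRememberMeServices");
        return tokenBasedservice;
    }

    @Bean
    public AuthenticationTrustResolver getAuthenticationTrustResolver() {
        System.out.println("Error in AuthenticationTrustResolver");
        return new AuthenticationTrustResolverImpl();
    }
}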
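
With the configuration above, an expired session can be re-established from the remember-me token without SecurityHandler being called, because that handler is registered only on formLogin(); the new session then has no userName or imgPathh even though the user is still authenticated. The following added example (not code from this thread) refills those attributes on the first controller request of any authenticated session; CurrentUserAdvice is a hypothetical name, and UserService, User, findBySSO, getFirstName and getImagePath are assumed to be the poster's classes and methods as shown in the question.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ModelAttribute;

// Added example. UserService and User are assumed to be the application's own
// classes from the question; their imports are omitted because the page shows no packages.
@ControllerAdvice
public class CurrentUserAdvice {

    @Autowired
    private UserService userService;

    // Invoked by Spring MVC before every controller handler method.
    @ModelAttribute
    public void restoreDisplayAttributes(HttpServletRequest request) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) {
            return; // nobody is logged in: do not create a session for anonymous requests
        }
        HttpSession session = request.getSession();
        if (session.getAttribute("userName") != null) {
            return; // already populated, e.g. by the form-login success handler
        }
        // Reached on the first request of a session that the form login did not
        // create, such as one rebuilt from the remember-me token after a timeout.
        // auth.getName() yields UserDetails.getUsername() for a UserDetails principal.
        User user = userService.findBySSO(auth.getName());
        if (user != null) {
            session.setAttribute("userName", user.getFirstName());
            session.setAttribute("imgPathh", user.getImagePath());
        }
    }
}
```

The attributes are display data only: access decisions still come from the SecurityContext, so a missing or stale userName never grants or removes access.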