Java 添加web.xml配置时,会话始终在春季过期
我有一个使用SpringMVC和SpringSecurity的web应用程序。当我将以下配置添加到我的web.xml中时,就不可能进行登录,它只是让会话过期,我无法进行身份验证:Java 添加web.xml配置时,会话始终在春季过期,java,spring,session,spring-mvc,spring-security,Java,Spring,Session,Spring Mvc,Spring Security,我有一个使用SpringMVC和SpringSecurity的web应用程序。当我将以下配置添加到我的web.xml中时,就不可能进行登录,它只是让会话过期,我无法进行身份验证: <session-config> <session-timeout>15</session-timeout> <cookie-config> <http-only>true</http-only>
<session-config>
<session-timeout>15</session-timeout>
<cookie-config>
<http-only>true</http-only>
<secure>true</secure>
<max-age>31536000</max-age>
</cookie-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
15
符合事实的
符合事实的
31536000
曲奇
如果我删除以下内容,则可以正常工作:
<cookie-config>
<http-only>true</http-only>
<secure>true</secure>
<max-age>31536000</max-age>
</cookie-config>
符合事实的
符合事实的
31536000
与Spring配置有冲突吗?以下是我的spring-security.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<context:component-scan base-package="com.blank.controller"/>
<global-method-security secured-annotations="enabled"/>
<http auto-config="false" use-expressions="true">
<intercept-url pattern="/usuario**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/usuario/**" access="hasRole('ROLE_USER')" />
<!-- Access denied page -->
<access-denied-handler error-page="/403" />
<form-login login-page="/login" default-target-url="/index"
always-use-default-target="true" authentication-failure-url="/login?error"
username-parameter="username" password-parameter="password" />
<logout logout-success-url="/login?logout" invalidate-session="true" delete-cookies="JSESSIONID" />
<!-- Proteção contra Cross Site Request Forgery (CSRF) -->
<csrf />
<session-management invalid-session-url="/invalidate.do" session-fixation-protection="migrateSession" session-authentication-error-url="/login?error">
<concurrency-control error-if-maximum-exceeded="true" expired-url="/login?expire" max-sessions="1"/>
</session-management>
<remember-me key="terror-key"/>
</http>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select usuario as username, senha as password, ativo as enabled from usuario where usuario = ?"
authorities-by-username-query="select u.usuario as username, r.nome as perfil from usuario u, perfil r, usuario_perfil ur where ur.usuario = u.id and ur.perfil = r.id and u.usuario = ?" />
<password-encoder ref="encoder" />
</authentication-provider>
</authentication-manager>
<beans:bean id="encoder"
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<beans:constructor-arg name="strength" value="11" />
</beans:bean>
</beans:beans>
有什么想法吗
提前感谢。经过一些研究,我意识到这只适用于启用HTTPS的情况