Java – Spring Security – expiredUrl does not work
I need to configure the expiration URL in my Spring MVC application. This is my attempt, but it has no effect:
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .addFilterBefore(adminAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
            .addFilterBefore(customerAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
            .csrf()
                .disable()
            .authorizeRequests()
                .antMatchers("...", "...", "...").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/admin/login")
                .and()
            .logout()
                .addLogoutHandler(customlogoutHandler())
                .logoutSuccessHandler(customlogoutSuccessHandler())
                .logoutUrl("/logout")
                .deleteCookies("remove")
                .invalidateHttpSession(true)
                .permitAll()
                .and()
            .sessionManagement()
                .maximumSessions(1)
                .expiredUrl("/expired");
    }
This has no effect. When the user's session times out, Spring does not redirect him to the /expired URL and redirects him to the /admin/login URL instead.
Update:
I tried the solutions suggested in the comments and answers, but I didn't see any effect. In addition, I removed addLogoutHandler(), logoutSuccessHandler() and the two addFilterBefore() calls at the beginning of the method, but that didn't work either.
I have also tried this solution:
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .addFilterBefore(sessionManagementFilter(), SessionManagementFilter.class)
            .csrf()
                .disable()
            .authorizeRequests()
                .antMatchers("...", "...").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/admin/login")
                .and()
            .logout()
                .logoutUrl("/logout")
                .deleteCookies("remove")
                .invalidateHttpSession(true)
                .permitAll();
    }

    @Bean
    public SessionManagementFilter sessionManagementFilter() {
        SessionManagementFilter sessionManagementFilter =
                new SessionManagementFilter(httpSessionSecurityContextRepository());
        sessionManagementFilter.setInvalidSessionStrategy(simpleRedirectInvalidSessionStrategy());
        return sessionManagementFilter;
    }

    @Bean
    public SimpleRedirectInvalidSessionStrategy simpleRedirectInvalidSessionStrategy() {
        SimpleRedirectInvalidSessionStrategy simpleRedirectInvalidSessionStrategy =
                new SimpleRedirectInvalidSessionStrategy("/expired");
        return simpleRedirectInvalidSessionStrategy;
    }

    @Bean
    public HttpSessionSecurityContextRepository httpSessionSecurityContextRepository() {
        HttpSessionSecurityContextRepository httpSessionSecurityContextRepository =
                new HttpSessionSecurityContextRepository();
        return httpSessionSecurityContextRepository;
    }
Can someone help me solve this problem?
Solution
I tried Ali Dehghani's solution (from the comments) in this way:
.sessionManagement().maximumSessions(1).and().invalidSessionUrl("/expired");
As the coder said, add "/expired" to the allowed URLs to solve the problem. I would like to thank all those who paid attention to my problem, especially Ali Dehghani and the coder. Their opinions were very helpful.
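
The two changes from the solution, combined into one configuration. This is an added example, not the poster's code. It assumes the same WebSecurityConfigurerAdapter style as the question; the class name SessionExpiryConfig and the cookie name JSESSIONID (the servlet container default) are assumptions.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SessionExpiryConfig extends WebSecurityConfigurerAdapter { // hypothetical class name

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // "/expired" must be reachable without authentication. If it is not,
                // the redirect target itself is protected and the user ends up on
                // the login page instead, which is the symptom in the question.
                .antMatchers("/admin/login", "/expired").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/admin/login")
                .and()
            .logout()
                .logoutUrl("/logout")
                .invalidateHttpSession(true)
                // Assumption: default session cookie name. Deleting it on logout keeps
                // the next request from being reported as an invalid session.
                .deleteCookies("JSESSIONID")
                .permitAll()
                .and()
            .sessionManagement()
                // Timeout case: the request carries a session id that is no longer valid.
                .invalidSessionUrl("/expired")
                // Concurrency case: the session was expired because the same user
                // logged in again and exceeded maximumSessions.
                .maximumSessions(1)
                .expiredUrl("/expired");
    }
}
```

expiredUrl only covers sessions expired by concurrency control, which is why it has no effect on a plain timeout; invalidSessionUrl handles that case. For maximumSessions to notice destroyed sessions, Spring Security's HttpSessionEventPublisher also has to be registered as a servlet listener.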