SpringBoot2.x如何设置Session失效时间及失效跳转

魁首哥
魁首哥
作者

SpringBoot2.x如何设置Session失效时间及失效跳转

这篇文章给大家分享的是有关SpringBoot2.x如何设置Session失效时间及失效跳转的内容。小编觉得挺实用的,因此分享给大家做个参考,一起跟随小编过来看看吧。

设置Session失效时间及失效跳转

#Session超时时间设置,单位是秒,默认是30分钟server.servlet.session.timeout=10

然而并没有什么用,因为SpringBoot在TomcatServletWebServerFactory代码中写了这个

privatelonggetSessionTimeoutInMinutes(){DurationsessionTimeout=this.getSession().getTimeout();returnthis.isZeroOrLess(sessionTimeout)?0L:Math.max(sessionTimeout.toMinutes(),1L);}

如果说某些人看不懂 Duration 这个类是什么,我不推荐你接着看下去了,因为没有什么帮助。

Session失效后如何跳转到Session失效地址

packagecn.coreqi.security.config;importcn.coreqi.security.Filter.SmsCodeFilter;importcn.coreqi.security.Filter.ValidateCodeFilter;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.context.annotation.Bean;importorg.springframework.context.annotation.Configuration;importorg.springframework.security.config.annotation.web.builders.HttpSecurity;importorg.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;importorg.springframework.security.crypto.password.NoOpPasswordEncoder;importorg.springframework.security.crypto.password.PasswordEncoder;importorg.springframework.security.web.authentication.AuthenticationFailureHandler;importorg.springframework.security.web.authentication.AuthenticationSuccessHandler;importorg.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;@ConfigurationpublicclassWebSecurityConfigextendsWebSecurityConfigurerAdapter{@AutowiredprivateAuthenticationSuccessHandlercoreqiAuthenticationSuccessHandler;@AutowiredprivateAuthenticationFailureHandlercoreqiAuthenticationFailureHandler;@AutowiredprivateSmsCodeAuthenticationSecurityConfigsmsCodeAuthenticationSecurityConfig;@BeanpublicPasswordEncoderpasswordEncoder(){returnNoOpPasswordEncoder.getInstance();}@Overrideprotectedvoidconfigure(HttpSecurityhttp)throwsException{ValidateCodeFiltervalidateCodeFilter=newValidateCodeFilter();validateCodeFilter.setAuthenticationFailureHandler(coreqiAuthenticationFailureHandler);SmsCodeFiltersmsCodeFilter=newSmsCodeFilter();//http.httpBasic()//httpBasic登录BasicAuthenticationFilterhttp.addFilterBefore(smsCodeFilter,UsernamePasswordAuthenticationFilter.class)//加载用户名密码过滤器的前面.addFilterBefore(validateCodeFilter,UsernamePasswordAuthenticationFilter.class)//加载用户名密码过滤器的前面.formLogin()//表单登录UsernamePasswordAuthenticationFilter.loginPage("/coreqi-signIn.html")//指定登录页面//.loginPage("/authentication/require").loginProcessingUrl("/authentication/form")//指定表单提交的地址用于替换UsernamePasswordAuthenticationFilter默认的提交地址.successHandler(coreqiAuthenticationSuccessHandler)//登录成功以后要用我们自定义的登录成功处理器,不用Spring默认的。.failureHandler(coreqiAuthenticationFailureHandler)//自己体会把.and().sessionManagement().invalidSessionUrl("session/invalid")//session过期后跳转的URL.and().authorizeRequests()//对授权请求进行配置.antMatchers("/coreqi-signIn.html","/code/image","/session/invalid").permitAll()//指定登录页面不需要身份认证.anyRequest().authenticated()//任何请求都需要身份认证.and().csrf().disable()//禁用CSRF.apply(smsCodeAuthenticationSecurityConfig);//FilterSecurityInterceptor整个SpringSecurity过滤器链的最后一环}}

@GetMapping("/session/invalid")@ResponseStatus(code=HttpStatus.UNAUTHORIZED)publicSimpleResponsesessionInvalid(){Stringmessage="session失效";returnnewSimpleResponse(message);}

设置Session失效的几种方式

如果是1.5.6版本

这里可以在application中加上bean文件

packagecom.example.demo;importorg.springframework.boot.SpringApplication;importorg.springframework.boot.autoconfigure.SpringBootApplication;importorg.springframework.boot.context.embedded.ConfigurableEmbeddedServletContainer;importorg.springframework.boot.context.embedded.EmbeddedServletContainerCustomizer;importorg.springframework.context.annotation.Bean;@SpringBootApplicationpublicclassDemoApplication{undefinedpublicstaticvoidmain(String[]args){SpringApplication.run(DemoApplication.class,args);}//设置session过期时间@BeanpublicEmbeddedServletContainerCustomizercontainerCustomizer(){returnnewEmbeddedServletContainerCustomizer(){publicvoidcustomize(ConfigurableEmbeddedServletContainercontainer){container.setSessionTimeout(7200);//单位为S}};}}

还可以设置

application.yml

server:port:8081servlet:session:timeout:60s

@RestControllerpublicclassHelloController{undefined@PostMapping("test")publicIntegergetTest(@RequestParam("nyy")Stringnn,HttpServletRequesthttpServletRequest){HttpSessionsession=httpServletRequest.getSession();session.setMaxInactiveInterval(60);intmaxInactiveInterval=session.getMaxInactiveInterval();longlastAccessedTime=session.getLastAccessedTime();returnmaxInactiveInterval;}}

感谢各位的阅读!关于“SpringBoot2.x如何设置Session失效时间及失效跳转”这篇文章就分享到这里了,希望以上内容可以对大家有一定的帮助,让大家可以学到更多知识,如果觉得文章不错,可以把它分享出去让更多的人看到吧!

阅读全文
发布于 2022-03-17 21:18:30
springbootsession
收藏
分享
海报
0 条评论
29
上一篇:Python Pygame怎么实现塔防游戏 下一篇:pytorch中的view()函数怎么使用
目录

    推荐阅读

    0 条评论

    本站已关闭游客评论,请登录或者注册后再评论吧~

    忘记密码?

    图形验证码