首页 > 软件编程 > java > 设置Session失效时间及失效跳转

SpringBoot2.x设置Session失效时间及失效跳转方式

2022-03-17 11:05:43 作者：奇

这篇文章主要介绍了SpringBoot2.x设置Session失效时间及失效跳转方式，具有很好的参考价值，希望对大家有所帮助。如有错误或未考虑完全的地方，望不吝赐教

设置Session失效时间及失效跳转

#Session超时时间设置，单位是秒，默认是30分钟
 server.servlet.session.timeout=10

然而并没有什么用，因为SpringBoot在TomcatServletWebServerFactory代码中写了这个

    private long getSessionTimeoutInMinutes() {
        Duration sessionTimeout = this.getSession().getTimeout();
        return this.isZeroOrLess(sessionTimeout) ? 0L : Math.max(sessionTimeout.toMinutes(), 1L);
    }

如果说某些人看不懂 Duration 这个类是什么，我不推荐你接着看下去了，因为没有什么帮助。

Session失效后如何跳转到Session失效地址

package cn.coreqi.security.config; 
import cn.coreqi.security.Filter.SmsCodeFilter;
import cn.coreqi.security.Filter.ValidateCodeFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private AuthenticationSuccessHandler coreqiAuthenticationSuccessHandler;
    @Autowired
    private AuthenticationFailureHandler coreqiAuthenticationFailureHandler;
    @Autowired
    private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;
    @Bean
    public PasswordEncoder passwordEncoder(){
        return NoOpPasswordEncoder.getInstance();
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter();
        validateCodeFilter.setAuthenticationFailureHandler(coreqiAuthenticationFailureHandler);
        SmsCodeFilter smsCodeFilter = new SmsCodeFilter();
        //http.httpBasic()    //httpBasic登录 BasicAuthenticationFilter
        http.addFilterBefore(smsCodeFilter, UsernamePasswordAuthenticationFilter.class)    //加载用户名密码过滤器的前面
                .addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class)    //加载用户名密码过滤器的前面
                .formLogin()    //表单登录 UsernamePasswordAuthenticationFilter
                    .loginPage("/coreqi-signIn.html")  //指定登录页面
                    //.loginPage("/authentication/require")
                    .loginProcessingUrl("/authentication/form") //指定表单提交的地址用于替换UsernamePasswordAuthenticationFilter默认的提交地址
                    .successHandler(coreqiAuthenticationSuccessHandler) //登录成功以后要用我们自定义的登录成功处理器，不用Spring默认的。
                    .failureHandler(coreqiAuthenticationFailureHandler) //自己体会把
                .and()
                .sessionManagement()
                    .invalidSessionUrl("session/invalid")    //session过期后跳转的URL
                .and()
                .authorizeRequests()    //对授权请求进行配置
                    .antMatchers("/coreqi-signIn.html","/code/image","/session/invalid").permitAll() //指定登录页面不需要身份认证
                    .anyRequest().authenticated()  //任何请求都需要身份认证
                    .and().csrf().disable()    //禁用CSRF
                .apply(smsCodeAuthenticationSecurityConfig);
            //FilterSecurityInterceptor 整个SpringSecurity过滤器链的最后一环
    }
}

    @GetMapping("/session/invalid")
    @ResponseStatus(code = HttpStatus.UNAUTHORIZED)
    public SimpleResponse sessionInvalid(){
        String message = "session失效";
        return new SimpleResponse(message);
    }

设置Session失效的几种方式

如果是1.5.6版本

这里可以在application中加上bean文件

package com.example.demo;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.context.embedded.ConfigurableEmbeddedServletContainer;
import org.springframework.boot.context.embedded.EmbeddedServletContainerCustomizer;
import org.springframework.context.annotation.Bean;
@SpringBootApplication
public class DemoApplication {undefined
public static void main(String[] args) {
    SpringApplication.run(DemoApplication.class, args);
}
//设置session过期时间
@Bean
public EmbeddedServletContainerCustomizer containerCustomizer() {
    return new EmbeddedServletContainerCustomizer() {
        public void customize(ConfigurableEmbeddedServletContainer container) {
            container.setSessionTimeout(7200);// 单位为S
        }
    };
}
}

还可以设置

application.yml

server:
port: 8081
servlet:
session:
timeout: 60s

@RestController
public class HelloController {undefined
@PostMapping("test")
public Integer getTest(@RequestParam("nyy")String nn, HttpServletRequest httpServletRequest ){
    HttpSession session = httpServletRequest.getSession();
   session.setMaxInactiveInterval(60);
    int maxInactiveInterval = session.getMaxInactiveInterval();
    long lastAccessedTime = session.getLastAccessedTime();
    return maxInactiveInterval;
}
}

以上为个人经验，希望能给大家一个参考，也希望大家多多支持脚本之家。