嗨,我是Spring Security的新手,我正在进行登录,注销和会话超时功能.我通过引用此文档配置了我的代码,我的代码如下所示.
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/admin/**")
.access("hasRole('ROLE_USER')").and().formLogin()
.loginPage("/login").failureUrl("/login?error")
.usernameParameter("username")
.passwordParameter("password")
.and().logout().logoutSuccessUrl("/login?logout").and().csrf();
http.sessionManagement().maximumSessions(1).expiredUrl("/login?expired");
}
重写AbstractSecurityWebApplicationInitializer类
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
public class SpringSecurityInitializer extends AbstractSecurityWebApplicationInitializer {
@Override
public boolean enableHttpSessionEventPublisher() {
return true;
}
}
我还需要澄清我是否正确,如果它看起来不错,那么我需要在哪里设置会话超时.我是基于注释完全做到的.