CAS使用spring安全性注销会话超时

时间:2013-11-28 05:30:17

标签: java spring-security cas

在CAS中使用spring security时,在会话超时时调用cas logout的正确方法是什么,然后重定向到re-authenciate ??

 <security:http entry-point-ref="casAuthenticationEntryPoint" use-expressions="true">       
    <security:intercept-url pattern="/home" access="hasRole('ROLE_USER')"/>     

    <security:custom-filter after="CAS_FILTER" ref="casAuthenticationFilter" />
    <security:session-management session-authentication-strategy-ref="concurrentSessionControlStrategy" /> 
    <security:logout invalidate-session="true" logout-success-url="/cas-logout.jsp"/>       
 </security:http>

1 个答案:

答案 0 :(得分:0)

您可以按照link进行操作。您将看到此配置已在CAS中设置。默认情况下,用户的会话在闲置2小时后过期,如果您准确的话 此行为您必须定义存档

/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/ticketExpirationPolicies.xml