我已为登录表单配置了spring security。一切正常,除了会话超时。 当会话超时我想重定向到登录页面。相反,我被重定向到主页。下面是我的安全xml的一部分。任何人都可以通过xml配置提出任何建议
<http auto-config="true" use-expressions="true">
<!-- This settings is for IE. Default this setting is on migrateSession.
When IE tries to migrate the session, the auth cookie does not migrate, resulting
in a nice login screen again, after you've logged in. This setting ensures
that the session will not be invalidated, and thus IE will still work as
expected. -->
<session-management session-fixation-protection="none" />
<intercept-url pattern="/login.jsp" access="permitAll" />
<intercept-url pattern="/css/*" access="permitAll" />
<intercept-url pattern="/img/**" access="permitAll" />
<intercept-url pattern="/js/**" access="permitAll" />
<intercept-url pattern="/lib/**" access="permitAll" />
<intercept-url pattern="/fonts/**" access="permitAll" />
<intercept-url pattern="/**" access="isAuthenticated()" />
<form-login login-page="/login.jsp" login-processing-url="/j_spring_security_check"
default-target-url="/index.html" always-use-default-target="true"
authentication-failure-url="/login?error=true" username-parameter="username"
password-parameter="password" authentication-failure-handler-ref="authenticationFailureHandler" />
<logout logout-success-url="/login.jsp" logout-url="/j_spring_security_logout" invalidate-session="true" />
<session-management>
<concurrency-control max-sessions="1" />
</session-management>
<session-management invalid-session-url="/login.jsp" />
<!-- disable csrf protection -->
<csrf disabled="true" />
</http>
我在web.xml中添加了超时
<session-config>
<session-timeout>1</session-timeout>
</session-config>