Spring Security - equivalent of 'create-session="never"'

Time: 2016-01-18 13:24:24

Tags: spring-security spring-boot

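I have developed several Java applications with Spring Security using XML-based configuration.

This time the application is based on Spring Boot 1.3.0 and uses API-based configuration instead of XML-based configuration.

I can't find the API equivalent of create-session="never" (with 'never' or any other value), for example: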

<sec:http create-session="never" ...>
    ...
</sec:http>

Is there a way to set this, starting from the following class?

@Configuration
@EnableWebSecurity
public class MySecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        ...
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        ...
    }
}

Thank you for your time.

2 answers:

Answer 0: (score: 3)

See http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/config/annotation/web/builders/HttpSecurity.html#sessionManagement--

@Override
protected void configure(final HttpSecurity http) throws Exception {
    http
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
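
Each value of the XML `create-session` attribute has a `SessionCreationPolicy` constant; `never` corresponds to `NEVER`, while `STATELESS` additionally ignores a session that already exists. The class below is an added example, not code from the original post or from the Spring project: the property name `app.security.create-session`, the helper `toPolicy` and the authorization rules are assumptions made for illustration.

```java
import java.util.Locale;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

@Configuration
@EnableWebSecurity
public class MySecurityConfig extends WebSecurityConfigurerAdapter {

    // Hypothetical application property (not a Spring Boot key); accepts the
    // same values as the XML attribute: always, ifRequired, never, stateless.
    @Value("${app.security.create-session:never}")
    private String createSession;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()                 // assumed rules, for completeness
                .anyRequest().authenticated()
                .and()
            .httpBasic()
                .and()
            .sessionManagement()
                .sessionCreationPolicy(toPolicy(createSession));
    }

    // XML value -> enum constant:
    //   always     -> ALWAYS       always create an HttpSession
    //   ifRequired -> IF_REQUIRED  create one only when needed (default)
    //   never      -> NEVER        never create one, but use one if it exists
    //   stateless  -> STATELESS    never create one and never read the
    //                              SecurityContext from one
    static SessionCreationPolicy toPolicy(String xmlValue) {
        String name = xmlValue.trim()
                .replaceAll("([a-z])([A-Z])", "$1_$2")   // ifRequired -> if_Required
                .toUpperCase(Locale.ROOT);                // -> IF_REQUIRED
        // valueOf throws IllegalArgumentException for an unknown value, so a
        // typo stops startup instead of silently falling back to a default.
        return SessionCreationPolicy.valueOf(name);
    }
}
```

With `NEVER`, a session created elsewhere in the application (for example by a servlet or a framework filter) is still used to store the `SecurityContext`, so the application is not guaranteed to be session-free.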

Answer 1: (score: 2)

You can specify it by setting a property in application.properties. You can find the Spring Boot security properties in the docs.

# ----------------------------------------
# SECURITY PROPERTIES
# ----------------------------------------
# SECURITY (SecurityProperties)
security.basic.authorize-mode=role # Security authorize mode to apply.
security.basic.enabled=true # Enable basic authentication.
security.basic.path=/** # Comma-separated list of paths to secure.
security.basic.realm=Spring # HTTP basic realm name.
security.enable-csrf=false # Enable Cross Site Request Forgery support.
security.filter-order=0 # Security filter chain order.
security.filter-dispatcher-types=ASYNC, FORWARD, INCLUDE, REQUEST # Security filter chain dispatcher types.
security.headers.cache=true # Enable cache control HTTP headers.
security.headers.content-type=true # Enable "X-Content-Type-Options" header.
security.headers.frame=true # Enable "X-Frame-Options" header.
security.headers.hsts= # HTTP Strict Transport Security (HSTS) mode (none, domain, all).
security.headers.xss=true # Enable cross site scripting (XSS) protection.
security.ignored= # Comma-separated list of paths to exclude from the default secured paths.
security.require-ssl=false # Enable secure channel for all requests.
security.sessions=stateless # Session creation policy (always, never, if_required, stateless).
security.user.name=user # Default user name.
security.user.password= # Password for the default user name. A random password is logged on startup by default.
security.user.role=USER # Granted roles for the default user name.

Just set security.sessions to the value that fits your needs.

This no longer works. See MariuszS's comment for details.