当尝试使用spring-security将Spring会话添加到现有的Spring MVC项目时,我得到以下行为(编辑:将tomcat'会话超时设置为1分钟进行测试):
除此之外,一切似乎都按预期工作 - 会话持续在redis&跨webapp重新启动,并正确手动注销会使会话无效。
我的配置的一些片段 - 这里是spring-security的无效会话处理程序配置,这会导致过期的会话被重定向到登录页面:
...
<beans:bean id="sessionManagementFilter" class="org.springframework.security.web.session.SessionManagementFilter">
<beans:constructor-arg name="securityContextRepository">
<beans:bean class="org.springframework.security.web.context.HttpSessionSecurityContextRepository"/>
</beans:constructor-arg>
<beans:property name="invalidSessionStrategy">
<beans:bean class="my.CustomInvalidSessionStrategy"/>
</beans:property>
</beans:bean>
...
<http>
...
<custom-filter position="SESSION_MANAGEMENT_FILTER" ref="sessionManagementFilter"/>
...
<logout delete-cookies="true" invalidate-session="true" logout-url="/signout.html" success-handler-ref="logoutSuccessHandler"/>
</http>
web.xml的过滤器链如下所示:
<filter>
<filter-name>springSessionRepositoryFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSessionRepositoryFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
加载的弹簧上下文文件(其中一个)包含:
<bean class="org.springframework.session.data.redis.config.annotation.web.http.RedisHttpSessionConfiguration"/>
<bean class="org.springframework.security.web.session.HttpSessionEventPublisher"/>
<bean class="org.springframework.data.redis.connection.jedis.JedisConnectionFactory"/>
希望我只是错过了一些非常明显的东西!
编辑:我用于尝试的版本是 spring-security-4.0.4.RELEASE 和 spring-session-1.1.1.RELEASE
答案 0 :(得分:0)
使用Redis会话时,超时配置如下:
<bean class="org.springframework.session.data.redis.config.annotation.web.http.RedisHttpSessionConfiguration">
<property name="maxInactiveIntervalInSeconds" value="10"></property>
</bean>