我需要在spring安全性中实现会话管理,但是在tomcat上部署应用程序时遇到错误。应用程序正在尝试从属性文件中获取invalid-session-url和expired-url属性值,但是在耗尽时会出现错误。
<security:http entry-point-ref="casAuthenticationEntryPoint" auto-config="true">
<security:intercept-url pattern="/*" access="ROLE_USER"/>
<security:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"/>
<security:logout invalidate-session="true" logout-url="/logout" logout-success-url="#{CAS_server}/logout?service=#{CAS_application}/" delete-cookies="JSESSIONID"/>
<security:session-management invalid-session-url="#{CAS_server}/logout?service=#{CAS_application}" session-fixation-protection="newSession" >
<security:concurrency-control max-sessions="1" expired-url="#{CAS_server}/logout?service=#{CAS_application}" error-if-maximum-exceeded="true" />
</security:session-management>
</security:http>
我只在会话管理标记上收到此错误。任何人都有任何想法。
答案 0 :(得分:0)
快速配置Spring安全应用程序,我的配置包含以下内容,并且工作正常(请注意会话管理标记中的属性注入)
test.properties
mytestservice=MyApp
loginurl=/my-login.html
invalidsessionurl=/my-login.html
Spring安全配置
<bean id="webPropertyConfigurer"
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="ignoreResourceNotFound" value="true" />
<property name="ignoreUnresolvablePlaceholders" value="true" />
<property name="locations">
<list>
<value>classpath:test.properties</value>
</list>
</property>
</bean>
<security:http>
<security:intercept-url pattern="/my-login.jsp" access="permitAll" />
<security:intercept-url pattern="/**" access="hasRole('USER')" />
<security:form-login login-page="${loginurl}"
authentication-failure-url="${loginurl}?error" />
<security:http-basic />
<security:session-management invalid-session-url="${invalidsessionurl}/logout?service=${mytestservice}" session-fixation-protection="newSession" />
<security:logout />
</security:http>