When I enable an HttpSessionStrategy in my Spring Boot application, every call to request.getSession() gives me a new session ID. If I disable the HttpSessionStrategy my application works fine, but I want to enable it for x-auth-token support. Any help is much appreciated.
Application.java
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.session.web.http.HeaderHttpSessionStrategy;
import org.springframework.session.web.http.HttpSessionStrategy;

@SpringBootApplication
public class AuthApp {
    public static void main(String[] args) throws Throwable {
        SpringApplication.run(AuthApp.class, args);
    }

    // Resolve the session from the x-auth-token header instead of the JSESSIONID cookie
    @Bean
    public HttpSessionStrategy httpSessionStrategy() {
        return new HeaderHttpSessionStrategy();
    }
}
Code block where the state mismatch happens. If I disable the HttpSessionStrategy my application runs fine, but I want to use the x-auth-token feature.
protected Authentication handleAuthorizationCodeResponse(HttpServletRequest request, HttpServletResponse response) {
String authorizationCode = request.getParameter("code");
HttpSession session = request.getSession();
// check for state, if it doesn't match we throw exception
String storedState = getStoredState(session);
String requestState = request.getParameter("state");
if (storedState == null || !storedState.equals(requestState)) {
throw new AuthenticationServiceException("State parameter mismatch on return. Expected " + storedState + " got " + requestState);
}
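The following is an added example, not code from the question or from Spring Session. It is a self-contained Java simulation of the lookup rule that HeaderHttpSessionStrategy applies (the session id is read from the x-auth-token request header and from nowhere else) and of the state check above, so it shows why a redirect arriving without that header resolves to no session and fails the check. The classes DemoRequest, HeaderSessionStore and OAuthStateCheck are constructed stand-ins, not servlet or Spring types.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class HeaderSessionDemo {
    public static void main(String[] args) {
        HeaderSessionStore store = new HeaderSessionStore();

        // 1. An API client logs in and sends the token it received on every later call.
        String token = store.create();
        DemoRequest start = new DemoRequest();
        start.headers.put(HeaderSessionStore.HEADER, token);
        String state = OAuthStateCheck.issueState(store.lookup(start));

        // 2. The browser is redirected back from the authorization server. A browser does not
        //    attach custom headers to a redirect, so x-auth-token is missing and no session is
        //    found: this is the "State parameter mismatch" path from the question.
        DemoRequest callbackWithoutHeader = new DemoRequest();
        callbackWithoutHeader.params.put("state", state);
        Map<String, Object> missing = store.lookup(callbackWithoutHeader);
        System.out.println("session on redirect without header: " + missing); // null
        System.out.println("state check without header: "
                + OAuthStateCheck.verify(missing, callbackWithoutHeader.params.get("state"))); // false

        // 3. A client that forwards the token (for example a front end that stored it and calls
        //    the callback endpoint itself) resolves the same session and the check passes once.
        DemoRequest callbackWithHeader = new DemoRequest();
        callbackWithHeader.headers.put(HeaderSessionStore.HEADER, token);
        callbackWithHeader.params.put("state", state);
        Map<String, Object> found = store.lookup(callbackWithHeader);
        System.out.println("state check with header: " + OAuthStateCheck.verify(found, state)); // true
        System.out.println("replayed callback: " + OAuthStateCheck.verify(found, state));      // false: single use
    }
}

// Minimal stand-in for HttpServletRequest (constructed for this demo).
final class DemoRequest {
    final Map<String, String> headers = new HashMap<>();
    final Map<String, String> params = new HashMap<>();
}

// Mirrors the lookup rule of HeaderHttpSessionStrategy: the session id comes from the
// x-auth-token header only (no JSESSIONID cookie, no URL rewriting).
final class HeaderSessionStore {
    static final String HEADER = "x-auth-token";
    private final Map<String, Map<String, Object>> sessions = new HashMap<>();
    private final SecureRandom random = new SecureRandom();

    String create() {
        byte[] id = new byte[16];
        random.nextBytes(id);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(id);
        sessions.put(token, new HashMap<>());
        return token;
    }

    // Returns the existing session, or null when the header is absent or unknown
    // (in Spring, that null is what request.getSession() turns into a brand-new session).
    Map<String, Object> lookup(DemoRequest request) {
        String token = request.headers.get(HEADER);
        return token == null ? null : sessions.get(token);
    }
}

final class OAuthStateCheck {
    private static final String KEY = "oauth2.state";
    private static final SecureRandom RANDOM = new SecureRandom();

    // Issue an unguessable state and remember it in the caller's session before redirecting.
    static String issueState(Map<String, Object> session) {
        byte[] raw = new byte[16];
        RANDOM.nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(KEY, state);
        return state;
    }

    // Single-use, constant-time comparison of the stored state against the returned one.
    static boolean verify(Map<String, Object> session, String requestState) {
        if (session == null || requestState == null) {
            return false;
        }
        Object stored = session.remove(KEY); // remove first: a state is valid for one callback only
        if (!(stored instanceof String)) {
            return false;
        }
        byte[] a = ((String) stored).getBytes(StandardCharsets.UTF_8);
        byte[] b = requestState.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(a, b);
    }
}
```

Run it with `java HeaderSessionDemo.java` (Java 11 or later). Step 2 reproduces the symptom in the question: the session that holds the state is only reachable through the header, and the provider's redirect does not carry it, so the stored state is never found. Step 3 shows the same check succeeding when the token does reach the server, and failing on a replay because the state is consumed on first use.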