【发布时间】:2014-10-18 15:06:43
【问题描述】:
我不知道怎么做,但是会话超时非常短。据我所知,Spring Security 会话超时取决于默认服务器的会话配置。我发现 GlassFish 超时为 1800 秒(10 分钟)。但我认为会话每 5 分钟删除一次。这怎么可能发生? 这是我的 Spring Security 配置:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/adminRole/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/userRole/**" access="hasRole('ROLE_USER')" />
<!-- access denied page -->
<access-denied-handler error-page="/403" />
<form-login
login-page="/"
default-target-url="/resolveRoles"
authentication-failure-url="/?error"
username-parameter="username"
password-parameter="password" />
<remember-me key="key" token-validity-seconds="2419200" />
<logout logout-success-url="/?logout" />
<!-- enable csrf protection -->
</http>
<!-- Select users and user_roles from database -->
<authentication-manager>
<authentication-provider>
<password-encoder hash="sha"/>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query=
"select username,password, enabled from smsc.users where username=?"
authorities-by-username-query=
"select username, role from smsc.user_roles where username =? " />
</authentication-provider>
</authentication-manager>
</beans:beans>
【问题讨论】:
-
正如您已经说过的那样,会话超时绑定到服务器而不是 Spring Security。在 tomcat 上(以及在 glassfish 上的 afaik)这是 30 分钟(不是 10 分钟)。如果这不同,那么您要么更改了默认值,要么在 web.xml 中重新配置了它。
标签: java spring session spring-mvc spring-security