如何使用Spring Security自动注销

如何使用安全配置。?? 我希望下面的配置：会工作。

applicationContext.xml中

  --namespace-> xmlns:security="http://www.springframework.org/schema/security"   

web.xml中

    30   

而他们，你需要编写自己的，因为success-handler-ref =“Logout”是注销的自定义处理程序：
注销 @Component

 public class Logout extends SimpleUrlLogoutSuccessHandler { @Override public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { if (authentication != null) { // do something } setDefaultTargetUrl("/login"); super.onLogoutSuccess(request, response, authentication); } } 

您可以通过将其放在web.xml中来使用全局超时值：

  30  

这是我用过的教程。 有java脚本和服务器端代码。 服务器将计算会话何时到期并将其作为cookie发回。 然后java脚本将每隔10秒检查一次是否过期，如果是，则它将是window.close（）。 http://www.javaworld.com/article/2073234/tracking-session-expiration-in-browser.html

这是我实现它的方式

SessionTimeout.js

 /** * Monitor the session timeout cookie from Apache and log the user out when expired */ "use strict"; var jQuery = require("jquery").noConflict(); var jsCookie = require("js-cookie"); module.exports.registerListener = function() { calcOffset(); checkSession(); }; /** * We can't assume the server time and client time are the same * so lets calcuate the difference */ function calcOffset() { var serverTime = jsCookie.get('serverTime'); serverTime = serverTime==null ? null : Math.abs(serverTime); var clientTimeOffset = (new Date()).getTime() - serverTime; jsCookie.set('clientTimeOffset', clientTimeOffset); } /** * Check the sessionExpiry cookie and see if we should send the user to / */ function checkSession() { var sessionExpiry = Math.abs(jsCookie.get('sessionExpiry')); var timeOffset = Math.abs(jsCookie.get('clientTimeOffset')); var localTime = (new Date()).getTime(); if(!sessionExpiry){ window.console.log("Unknown session sessionExpiry"); return; } if (localTime - timeOffset > (sessionExpiry+15000)) { // 15 extra seconds to make sure window.location = "/login"; jsCookie.remove('sessionExpiry'); } else { setTimeout('checkSession()', 10000); } window.console.log("Session expires in " + ((sessionExpiry+15000) - localTime - timeOffset) + "ms"); } window.checkSession = checkSession; //Used for recalling via setTimeout 

SessionTimeoutCookieFilter.java

 public class SessionTimeoutCookieFilter implements Filter { private static final Logger LOG = LoggerFactory.getLogger(SessionTimeoutCookieFilter.class); @Override public void init(FilterConfig config) throws ServletException { LOG.info("Initialization SessionTimeoutCookieFilter"); } @Override public void doFilter(ServletRequest req, ServletResponse resp, FilterChain filterChain) throws IOException, ServletException { HttpServletResponse httpResp = (HttpServletResponse) resp; HttpServletRequest httpReq = (HttpServletRequest) req; long currTime = System.currentTimeMillis(); String expiryTime = Long.toString(currTime + httpReq.getSession().getMaxInactiveInterval() * 1000); Cookie cookie = new Cookie("serverTime", Long.toString(currTime)); cookie.setPath("/"); httpResp.addCookie(cookie); if (httpReq.getRemoteUser() != null) { cookie = new Cookie("sessionExpiry", expiryTime); } cookie.setPath("/"); httpResp.addCookie(cookie); filterChain.doFilter(req, resp); } 

添加filter

 public class ApplicationInitializer extends AbstractAnnotationConfigDispatcherServletInitializer { ... @Override protected Filter[] getServletFilters() { return new Filter[]{new SessionTimeoutCookieFilter()}; } } 

要在会话到期后重定向到登录页面，请在安全上下文中将“invalid-session-url”标记添加到“session-management”bean：

  ....  

在我的情况下，我正在重定向到错误登录页面，其中显示错误消息，我可以重新登录。 请注意，在会话到期时，您不会被自动重定向。 您需要单击页面的任何部分，这将触发重定向。