springboot security session redis使用（8）

1. 設定session的過期時間

server:
  servlet:
    session:
      timeout: 60
           

2.設定基于session的單點登入，逾時後登入的網址，逾時後的登入狀态，

http.sessionManagement().invalidSessionUrl("/invalid").maximumSessions(1).maxSessionsPreventsLogin(false).expiredSessionStrategy(new CustomExpiredSessionStrategy());
           

CustomExpiredSessionStrategy

package com.hanhuide.core.handler;

import com.alibaba.fastjson.JSON;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.hanhuide.core.model.CustomResponseBody;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.session.SessionInformationExpiredEvent;
import org.springframework.security.web.session.SessionInformationExpiredStrategy;

import javax.servlet.ServletException;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

public class CustomExpiredSessionStrategy implements SessionInformationExpiredStrategy {
    private ObjectMapper objectMapper = new ObjectMapper();
    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    @Override
    public void onExpiredSessionDetected(SessionInformationExpiredEvent event) throws IOException, ServletException {
        event.getResponse().setContentType("application/json;charset=UTF-8");
//        CustomResponseBody body = new CustomResponseBody();
//        body.setStatus(0000);
//        body.setMsg("您已在其他地方登入，請檢查，時間為{" + event.getSessionInformation().getLastRequest() + "}");
//        event.getResponse().getWriter().write(JSON.toJSONString(body));
        redirectStrategy.sendRedirect(event.getRequest(), event.getResponse(), "/login");
    }
}
           

3.

package com.hanhuide.core.controller;

import com.hanhuide.core.mapper.CeshiMapper;
import io.swagger.annotations.ApiOperation;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;
import com.hanhuide.core.model.SysUser;
import org.springframework.web.servlet.ModelAndView;

import javax.annotation.Resource;
import java.util.List;

/**
 * @program: maven
 * @description:
 * @author: 韓惠德
 * @create: 2019-12-24 16:41
 * @version: 1.0
 **/
@RestController
@Slf4j
public class Contrller11 {
    @Resource
    private CeshiMapper ceshiMapper;

    @ApiOperation(value = "測試資料源", notes = "測試資料源")
    @GetMapping("system")
    public List<SysUser> ceshi() {
        return ceshiMapper.findAll();
    }

    @ApiOperation(value = "測試資料源2", notes = "測試資料源2")
    @GetMapping("/system/menu")
    public List<SysUser> ceshi2() {
        return ceshiMapper.findAll2();
    }

    @RequestMapping("/invalid")
    @ResponseStatus(HttpStatus.UNAUTHORIZED)
    public String invalid() {
        return "Session 已過期，請重新登入";
    }
}
           

 重新整理火狐浏覽器 直接跳轉到登入頁面