Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to enable session and set session timeout in Spring Security

Tags:

java

spring-mvc

spring

session

spring-security

I am new to Spring Security and I am working on a login, logout, and session timeout feature. I have configured my code by referring to this document. My code looks below:

@Override protected void configure(HttpSecurity http) throws Exception {      http.authorizeRequests().antMatchers("/admin/**")         .access("hasRole('ROLE_USER')").and().formLogin()         .loginPage("/login").failureUrl("/login?error")             .usernameParameter("username")             .passwordParameter("password")             .and().logout().logoutSuccessUrl("/login?logout").and().csrf();     http.sessionManagement().maximumSessions(1).expiredUrl("/login?expired"); }

Override the class AbstractSecurityWebApplicationInitializer

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;  public class SpringSecurityInitializer extends AbstractSecurityWebApplicationInitializer {      @Override     public boolean enableHttpSessionEventPublisher() {         return true;     }  }

I need clarification on whether I am doing it right, if it looks good, then where I need to setup the session timeout. I am doing it fully based on annotation.

like image 248
raju vaishnav Avatar asked Apr 22 '16 13:04

raju vaishnav

2 Answers

If you are using JavaConfig and do not want to use XML you can create a HttpSessionListener and use getSession().setMaxInactiveInterval(), then in the Initializer add the listener in onStartup():

public class SessionListener implements HttpSessionListener {      @Override     public void sessionCreated(HttpSessionEvent event) {         System.out.println("session created");         event.getSession().setMaxInactiveInterval(15);     }      @Override     public void sessionDestroyed(HttpSessionEvent event) {        System.out.println("session destroyed");     } }

Then in the Initializer:

@Override public void onStartup(ServletContext servletContext) throws ServletException {     super.onStartup(servletContext);     servletContext.addListener(new SessionListener()); }
like image 170
munilvc Avatar answered Sep 28 '22 19:09

munilvc

I was able to solve above issue by adding below config in web.xml only. any better way will be accepted.

 <session-config>     <session-timeout>20</session-timeout> </session-config>
like image 33
raju vaishnav Avatar answered Sep 28 '22 20:09

raju vaishnav
Sign in to Comment

Related questions

Regular expression to select all whitespace that isn't in quotes?
Logout/Session timeout catching with spring security
How to send list of Objects to View and back to Post method in controller
ActionBarActivity: cannot be resolved to a type
Substituting parameters in log message and add a Throwable in Log4j 2
java.lang.IllegalStateException: missing behavior definition for the preceding method call getMessage("title")
Using HttpClient and HttpPost in Android with post parameters
Singleton pattern (Bill Pugh's solution)
Spring/json: Convert a typed collection like List<MyPojo>
java.lang.NoSuchMethodError: javax.servlet.ServletContext.getContextPath()Ljava/lang/String;
java Long datatype comparison
How to set Saxon as the Xslt processor in Java?
Missing sequence or table: hibernate_sequence
How are object dependencies between static blocks resolved?
Lombok 1.18.0 and Jackson 2.9.6 not working together
Passing data types from Java to C (or vice versa) using JNI
What is Java Message Service (JMS) for?
how to convert HTML text to plain text? [duplicate]
Using Sockets to send and receive data
MongoDB Composite Key

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!