我正在学习春天.执行登录/注销功能.
这就是我的控制器的样子:
@RequestMapping(value="/successfulLoginAuth", method=RequestMethod.GET)
public ModelAndView postHttpLogin(HttpSession session, Authentication authInfo)
{
ModelAndView mav = new ModelAndView();
mav.setViewName("redirect:/index.html");
session.setAttribute("authInfo", authInfo);
return mav;
}
登录是通过Spring Security使用我实现的dao服务执行的.这很好.
这是index.jsp的内容:
<%
HttpSession session1 = request.getSession(false);
Authentication authInfo;
if( (session1 != null) &&
( (authInfo = (Authentication)session1.getAttribute("authInfo")) != null)
)
{
out.print(" yo " + authInfo.getName() + " " + authInfo.getAuthorities().iterator().next().getAuthority());
}
else
{
%>
<a href="${pageContext.request.contextPath}/registration">New? Sign Up!</a><br/>
<a href="${pageContext.request.contextPath}/login">Existing? Sign In!</a><br/>
<%} %>
当我登录并重新启动服务器时,我仍然登录.在服务器重启后,会话信息是否应该丢失?如果我重新启动浏览器,它将按预期工作(即会话信息丢失).
这是我的Spring Security配置:
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/" access="permitAll" />
<intercept-url pattern="/logout" access="permitAll" />
<intercept-url pattern="/accessdenied" access="permitAll" />
<form-login login-page="/login" default-target-url="/successfulLoginAuth" authentication-failure-url="/accessdenied" />
<logout logout-success-url="/logout" />
</http>
<authentication-manager>
<authentication-provider user-service-ref="myUserDetailsService"></authentication-provider>
</authentication-manager>
解决方法:
我假设您正在使用Tomcat,它使用Manager组件在应用程序生命周期之间保持会话.您可以在the Manager component configuration中更改所有这些设置.
我认为这也取决于你做的改变. Eclipse的Tomcat服务器插件将决定是否应该刷新序列化的HttpSessions.