Java 类org.springframework.security.web.session.InvalidSessionStrategy 实例源码

项目:sporticus    文件:ConfigurationSecurity.java   
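/**
 * Builds the HTTP security chain: session handling, HTTP Basic and form login,
 * per-URL authorization rules, logout behaviour and CSRF settings.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>CSRF protection is switched off while authentication is carried by the
 *       session cookie (form login). State-changing endpoints are therefore only
 *       protected if some other control exists outside this method (for example
 *       SameSite cookies or a required custom header) - TODO confirm.</li>
 *   <li>Everything under {@code /papi/**} and {@code /app/**} is reachable without
 *       authentication; handlers behind those paths must not assume a logged-in user.</li>
 *   <li>HTTP Basic is enabled next to form login, so credentials may travel on every
 *       request; this presumes the application is only served over TLS - verify.</li>
 * </ul>
 *
 * @param http the security builder supplied by the framework
 * @throws Exception if any of the configurers rejects the configuration
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // An invalid (expired or unknown) session id is answered with a bare 403 and no body.
    // NOTE(review): clients cannot tell this apart from an authorization failure.
    final InvalidSessionStrategy rejectInvalidSession = (request, response) -> {
        LOGGER.debug(() -> "Invalid session seen");
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
    };

    // All session settings live on the same configurer, so they are set in one chain.
    // NOTE(review): the limit of two concurrent sessions depends on the session registry
    // learning about destroyed sessions (e.g. an HttpSessionEventPublisher listener);
    // that registration is not visible here - confirm it exists.
    http.sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .invalidSessionStrategy(rejectInvalidSession)
            .maximumSessions(2);

    http.httpBasic();

    // The access-denied page was previously registered twice with the same value;
    // it is set once here together with the entry point.
    http.exceptionHandling()
            .authenticationEntryPoint(authenticationEntryPoint)
            .accessDeniedPage("/accessDenied");

    // Matchers are evaluated in declaration order: public paths first, then the
    // role-restricted API, then the catch-all that requires authentication.
    http.authorizeRequests()
            .antMatchers("/resources/**").permitAll()
            .antMatchers("/papi/**").permitAll()
            .antMatchers("/app*").permitAll()
            .antMatchers("/app/**").permitAll()
            .antMatchers("/accessDenied*").permitAll()
            .antMatchers("/api/**").access("hasAnyRole('ROLE_USER','ROLE_ADMIN')")
            .anyRequest().authenticated();

    // A successful login always lands on /home (alwaysUse = true), regardless of the
    // page that triggered the login; failed logins are sent to the access-denied page.
    http.formLogin()
            .loginPage("/login")
            .loginProcessingUrl("/login")
            .defaultSuccessUrl("/home", true)
            .failureUrl("/accessDenied");

    // Logout clears the authentication, invalidates the server-side session and
    // removes the session cookie from the browser.
    http.logout()
            .logoutSuccessHandler(logoutSuccessHandler)
            .clearAuthentication(true)
            .deleteCookies("JSESSIONID")
            .invalidateHttpSession(true);

    // rememberMe() is left disabled.

    // SECURITY: CSRF protection is disabled for the whole application, including the
    // cookie-authenticated form-login flow. Keep this only if a compensating control
    // is in place; otherwise enable it and have clients send the CSRF token.
    http.csrf().disable();
}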
项目:molgenis    文件:MolgenisWebAppSecurityConfig.java   
/**
 * Exposes the strategy that is applied when a request carries an invalid session id.
 *
 * <p>The strategy is given the login URI with the session-expired query parameter
 * appended, i.e. {@code URI + '?' + PARAM_SESSION_EXPIRED}.
 * NOTE(review): how {@code AjaxAwareInvalidSessionStrategy} uses that URL (redirect
 * versus status code for AJAX callers) is not visible here - see that class.
 * Both parts of the URL are constants, so no request data flows into the target.
 *
 * @return the invalid-session strategy bean
 */
@Bean
public InvalidSessionStrategy invalidSessionStrategy()
{
    final String sessionExpiredUrl =
            MolgenisLoginController.URI + '?' + MolgenisLoginController.PARAM_SESSION_EXPIRED;
    return new AjaxAwareInvalidSessionStrategy(sessionExpiredUrl);
}