Spring autherization http security redirection, session issue

Tags: , ,



I am using Spring http security(Enablewebsecurity) to manage sessions. But the issue I am facing is, whenever I start the application, the app is opening always home page instead of going to login page. The requirement here is if session is out, need to go login page. Also session needs to time out for 30minutes. Is there any wrong with below code,

http
            .authorizeRequests()
                .antMatchers("/", "/home").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
            .logout()
                .permitAll();

public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/home").setViewName("home");
        registry.addViewController("/").setViewName("home");
        registry.addViewController("/login").setViewName("login");
    }

Answer

For adding session management,

 http
        .authorizeRequests()
            .antMatchers("/", "/home").permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
         .sessionManagement()
            .invalidSessionUrl("/invalidSession.html")
            .and()
        .logout()
            .permitAll();

and in application property, you need to add session timeout.

 server.servlet.session.timeout=30m


Source: stackoverflow