Skip to content
Advertisement

Spring autherization http security redirection, session issue

I am using Spring http security(Enablewebsecurity) to manage sessions. But the issue I am facing is, whenever I start the application, the app is opening always home page instead of going to login page. The requirement here is if session is out, need to go login page. Also session needs to time out for 30minutes. Is there any wrong with below code,

http
            .authorizeRequests()
                .antMatchers("/", "/home").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
            .logout()
                .permitAll();

public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/home").setViewName("home");
        registry.addViewController("/").setViewName("home");
        registry.addViewController("/login").setViewName("login");
    }

Advertisement

Answer

For adding session management,

 http
        .authorizeRequests()
            .antMatchers("/", "/home").permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
         .sessionManagement()
            .invalidSessionUrl("/invalidSession.html")
            .and()
        .logout()
            .permitAll();

and in application property, you need to add session timeout.

 server.servlet.session.timeout=30m

User contributions licensed under: CC BY-SA
5 People found this is helpful
Advertisement