I am using Spring http security(Enablewebsecurity) to manage sessions. But the issue I am facing is, whenever I start the application, the app is opening always home page instead of going to login page. The requirement here is if session is out, need to go login page. Also session needs to time out for 30minutes. Is there any wrong with below code,
http
.authorizeRequests()
.antMatchers("/", "/home").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/home").setViewName("home");
registry.addViewController("/").setViewName("home");
registry.addViewController("/login").setViewName("login");
}
For adding session management,
http
.authorizeRequests()
.antMatchers("/", "/home").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.sessionManagement()
.invalidSessionUrl("/invalidSession.html")
.and()
.logout()
.permitAll();
and in application property, you need to add session timeout.
server.servlet.session.timeout=30m