リンク先を参考にセッションがタイムアウトした際の遷移先を設定したつもりなのですが、
タイムアウトしても遷移したいところへ遷移できません。どこが悪いのでしょうか?
Spring Boot + Spring Security使用時のSessionTimeout対応
SecurityConfig#authenticationEntryPoint()でログアウト後の遷移先を指定しているのですが、指定したところに遷移しないんです。SessionExpiredDetectingLoginUrlAuthenticationEntryPointオブジェクトにブレークポイントを貼ってデバッグで起動しても止まりません。
Java
1package com.koikeya.project1.app.config; 2 3import org.springframework.beans.factory.annotation.Autowired; 4import org.springframework.context.annotation.Bean; 5import org.springframework.context.annotation.Configuration; 6import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; 7import org.springframework.security.config.annotation.web.builders.HttpSecurity; 8import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 9import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 10import org.springframework.security.core.userdetails.UserDetailsService; 11import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; 12import org.springframework.security.crypto.password.PasswordEncoder; 13import org.springframework.security.web.AuthenticationEntryPoint; 14import org.springframework.security.web.authentication.AuthenticationSuccessHandler; 15 16import com.koikeya.project1.app.controller.AuthenticationFailureHandlerImpl; 17import com.koikeya.project1.app.controller.SessionExpiredDetectingLoginUrlAuthenticationEntryPoint; 18 19 20 21/** 22 * Spring Security設定クラス 23 * @author Yuki Koike 24 */ 25@Configuration 26// @EnableWebSecurityを付与して、Spring SecurityのWeb連携機能(CSRF対策など)を有効にする 27@EnableWebSecurity 28public class SecurityConfig extends WebSecurityConfigurerAdapter { 29 30 /** 31 * UserDetailsService 32 */ 33 @Autowired 34 UserDetailsService userDetailsService; 35 36 /** 37 *AuthenticationSucessHandler 38 */ 39 @Autowired 40 AuthenticationSuccessHandler authenticationSucessHandlerImpl; 41 42 43 /** 44 * パスワード符号化用オブジェクトを返す1 45 * 46 * @return BCryptPasswordEncoderオブジェクト 47 */ 48 @Bean 49 PasswordEncoder passwordEncoder1() { 50 return new BCryptPasswordEncoder(); 51 } 52 53 @Bean 54 AuthenticationEntryPoint authenticationEntryPoint() { 55 return new SessionExpiredDetectingLoginUrlAuthenticationEntryPoint("/login"); 56 } 57 58 59 /* 60 * (非 Javadoc) 61 * @see org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter#configure(org.springframework.security.config.annotation.web.builders.HttpSecurity) 62 */ 63 @Override 64 protected void configure(HttpSecurity httpSecurity) throws Exception { 65 httpSecurity.authorizeRequests().antMatchers("**", "**/**", "/css/**", "/images/**", "/js/**", "/webjars/**") 66 .permitAll().antMatchers("/login/", "login/**").permitAll().anyRequest().authenticated().and() 67 .formLogin().loginProcessingUrl("/login/**").loginPage("/login_index") 68 .successHandler(authenticationSucessHandlerImpl) 69// .defaultSuccessUrl("/index") 70// .defaultSuccessUrl("/") 71// .failureUrl("/login_index?error=true").permitAll() 72 .failureHandler(new AuthenticationFailureHandlerImpl()).permitAll() 73 .and().logout()// .permitAll() 74 .and().exceptionHandling().authenticationEntryPoint(authenticationEntryPoint());//.logoutSuccessUrl("/login").permitAll() 75 76 } 77 78 /* 79 * (非 Javadoc) 80 * @see org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter#configure(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder) 81 */ 82 @Override 83 protected void configure(AuthenticationManagerBuilder auth) throws Exception { 84 auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder1()); 85 } 86} 87
Java
1package com.koikeya.project1.app.controller; 2 3import javax.servlet.http.HttpServletRequest; 4import javax.servlet.http.HttpServletResponse; 5 6import org.slf4j.Logger; 7import org.slf4j.LoggerFactory; 8import org.springframework.security.core.AuthenticationException; 9import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; 10 11//@Component 12public class SessionExpiredDetectingLoginUrlAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint { 13 14 Logger logger = LoggerFactory.getLogger(SessionExpiredDetectingLoginUrlAuthenticationEntryPoint.class); 15 16 17 public SessionExpiredDetectingLoginUrlAuthenticationEntryPoint(String loginFormUrl) { 18 super(loginFormUrl); 19 // TODO 自動生成されたコンストラクター・スタブ 20 } 21 22 @Override 23 protected String buildRedirectUrlToLoginPage(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) { 24 25 String redirectUrl = super.buildRedirectUrlToLoginPage(request, response, authException); 26 logger.info("redirectUrl:" + "redirectUrl"); 27 if (isRequestedSessionInvalid(request)) { 28 redirectUrl += redirectUrl.contains("?") ? "&" : "?"; 29 redirectUrl += "timeout"; 30 } 31 return redirectUrl; 32 } 33 34 private boolean isRequestedSessionInvalid(HttpServletRequest request) { 35 return request.getRequestedSessionId() != null && !request.isRequestedSessionIdValid(); 36 } 37} 38
あなたの回答
tips
プレビュー