spring security SimpleRedirectInvalidSessionStrategy 源码
spring security SimpleRedirectInvalidSessionStrategy 代码
文件路径:/web/src/main/java/org/springframework/security/web/session/SimpleRedirectInvalidSessionStrategy.java
/*
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.session;
import java.io.IOException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;
/**
* Performs a redirect to a fixed URL when an invalid requested session is detected by the
* {@code SessionManagementFilter}.
*
* @author Luke Taylor
*/
public final class SimpleRedirectInvalidSessionStrategy implements InvalidSessionStrategy {
private final Log logger = LogFactory.getLog(getClass());
private final String destinationUrl;
private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
private boolean createNewSession = true;
public SimpleRedirectInvalidSessionStrategy(String invalidSessionUrl) {
Assert.isTrue(UrlUtils.isValidRedirectUrl(invalidSessionUrl), "url must start with '/' or with 'http(s)'");
this.destinationUrl = invalidSessionUrl;
}
@Override
public void onInvalidSessionDetected(HttpServletRequest request, HttpServletResponse response) throws IOException {
if (this.logger.isDebugEnabled()) {
this.logger.debug("Starting new session (if required) and redirecting to '" + this.destinationUrl + "'");
}
if (this.createNewSession) {
request.getSession();
}
this.redirectStrategy.sendRedirect(request, response, this.destinationUrl);
}
/**
* Determines whether a new session should be created before redirecting (to avoid
* possible looping issues where the same session ID is sent with the redirected
* request). Alternatively, ensure that the configured URL does not pass through the
* {@code SessionManagementFilter}.
* @param createNewSession defaults to {@code true}.
*/
public void setCreateNewSession(boolean createNewSession) {
this.createNewSession = createNewSession;
}
}
相关信息
相关文章
spring security ConcurrentSessionFilter 源码
spring security DisableEncodeUrlFilter 源码
spring security ForceEagerSessionCreationFilter 源码
spring security HttpSessionCreatedEvent 源码
spring security HttpSessionDestroyedEvent 源码
spring security HttpSessionEventPublisher 源码
spring security HttpSessionIdChangedEvent 源码
spring security InvalidSessionAccessDeniedHandler 源码
spring security InvalidSessionStrategy 源码
spring security RequestedUrlRedirectInvalidSessionStrategy 源码
0
赞
热门推荐
-
2、 - 优质文章
-
3、 gate.io
-
8、 golang
-
9、 openharmony
-
10、 Vue中input框自动聚焦