2
我目前有一个使用JBoss 5服务器上托管的Spring Security的Web应用程序。Spring安全会话超时 - 清除浏览器缓存
我的问题是,如果用户闲置几分钟,那么由于web.xml设置,他们的会话超时。偶尔当他们尝试点击webapp时,他们的会话无效,他们会得到一个404错误。浏览器可以看到Web应用程序的唯一方法是当用户清除浏览器缓存时。
是否有解决此问题的方法,以便用户不必清除浏览器缓存?
这里是我的Spring Security XML
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/login" access="permitAll" />
<security:intercept-url pattern="/resources/**" access="permitAll" />
<security:intercept-url pattern="/import/trades" access="permitAll" />
<!--
The roles are prefix with the word ROLE
and it is upper case due to ldapAuthoritiesPopulator config section
-->
<security:intercept-url pattern="/**" access="hasAnyRole('ROLE_NBFIEPN_USERS', 'ROLE_NBFIEPN_DEVELOPERS')" />
<security:form-login login-page="/login" authentication-failure-url="/login?error=true"/>
<security:logout />
</security:http>
这是我的web.xml文件。我目前已将会话超时设置为1分钟来复制问题。
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>TBA Web Application</display-name>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/security-config.xml
</param-value>
</context-param>
<servlet>
<servlet-name>horizon</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/applicationContext.xml
/WEB-INF/spring/applicationContext-service.xml
/WEB-INF/spring/mvc-config.xml
</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>horizon</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Session Timeout in minutes -->
<session-config>
<session-timeout>1</session-timeout>
</session-config>
</web-app>
感谢您的帮助。它实际上是一个JBoss服务器问题。我的一个集群中的JBoss服务器很糟糕。 – 2012-02-02 21:17:51