Spring Security - 'create-session ='的API等效'never''

我使用基於XML的配置爲Spring Security開發了幾個Java應用程序。Spring Security - 'create-session ='的API等效'never''

這一次的應用程序是基於Spring Boot 1.3.0，並使用基於API的配置，而不是基於XML的配置。

我找不到建立會話的API當量=「從不」（使用「從不」或任何其他值），如：

<sec:http create-session="never" ...> 
    ... 
</sec:http>

有沒有一種方法來設置此，從下一堂課開始？

@Configuration 
@EnableWebSecurity 
public class MySecurityConfig extends WebSecurityConfigurerAdapter { 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     ... 
    } 

    @Override 
    protected void configure(AuthenticationManagerBuilder auth) throws Exception { 
     ... 
    } 
}

謝謝你的時間。

來源

2016-01-18 Florian Beaufumé

見http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/config/annotation/web/builders/HttpSecurity.html#sessionManagement--

@Override 
protected void configure(final HttpSecurity http) throws Exception { 
    http 
     .sessionManagement() 
      .sessionCreationPolicy(SessionCreationPolicy.STATELESS); 
}

來源

2016-01-18 13:26:59

您可以通過設置您的application.properties內的財產指定。您可以在docs找到彈簧安全屬性。

# ---------------------------------------- 
# SECURITY PROPERTIES 
# ---------------------------------------- 
# SECURITY (SecurityProperties) 
security.basic.authorize-mode=role # Security authorize mode to apply. 
security.basic.enabled=true # Enable basic authentication. 
security.basic.path=/** # Comma-separated list of paths to secure. 
security.basic.realm=Spring # HTTP basic realm name. 
security.enable-csrf=false # Enable Cross Site Request Forgery support. 
security.filter-order=0 # Security filter chain order. 
security.filter-dispatcher-types=ASYNC, FORWARD, INCLUDE, REQUEST # Security filter chain dispatcher types. 
security.headers.cache=true # Enable cache control HTTP headers. 
security.headers.content-type=true # Enable "X-Content-Type-Options" header. 
security.headers.frame=true # Enable "X-Frame-Options" header. 
security.headers.hsts= # HTTP Strict Transport Security (HSTS) mode (none, domain, all). 
security.headers.xss=true # Enable cross site scripting (XSS) protection. 
security.ignored= # Comma-separated list of paths to exclude from the default secured paths. 
security.require-ssl=false # Enable secure channel for all requests. 
security.sessions=stateless # Session creation policy (always, never, if_required, stateless). 
security.user.name=user # Default user name. 
security.user.password= # Password for the default user name. A random password is logged on startup by default. 
security.user.role=USER # Granted roles for the default user name.

只需設置security.sessions到適合您需要的值

來源

2016-01-18 13:38:55

Spring Security - 'create-session ='的API等效'never''

回答

相關問題