Spring Security does not only manage the user authentication and access authorization, but also controls the sessions the application uses in its entire lifespan. This recipe will design a security model that focuses on session management and controls.
Open again the same ch04
project with another security model emphasizing session management and control.
- Simple session handling implementation starts with creating a session as
Cookie
, which manages a maximum of one session per user access, deletes the session after/logout
, and redirects view pages once the session expires or is compromised:
@Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled=true) public class AppSecurityModelG extends WebSecurityConfigurerAdapter { // refer to sources @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.authenticationProvider...