基于webflux的security的Session过期时间设置
在 WebFlux 下,之前通过 session.timeout 设置过期时间的方式不会起作用,需要继承 WebSessionServerSecurityContextRepository 类,并在保存 SecurityContext 时为 session 设置最大空闲时间。相关配置代码如下:
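/**
 * Security context repository for Spring Security on WebFlux that, in addition to
 * storing the {@code SecurityContext} in the {@code WebSession}, applies a configurable
 * idle timeout to that session every time a context is saved.
 *
 * <p>NOTE(review): the page does not show how this repository is registered with the
 * security filter chain. It only has an effect if the chain is configured to use this
 * bean; confirm the wiring. The instance must also be the Spring-managed one, because
 * {@code sessionExpireTime} is populated by {@code @Value} injection and would stay
 * {@code null} on an object created with {@code new}.
 */
@Configuration
public class SessionConfig extends WebSessionServerSecurityContextRepository {

    /** Default session attribute name under which the security context is stored. */
    public static final String DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME = "SPRING_SECURITY_CONTEXT";

    // Attribute name used by save(). The setter below keeps it in step with the parent
    // class, whose load() is what reads the context back.
    private String springSecurityContextAttrName = DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME;

    // Idle timeout in seconds, read from the "sessionExpireTime" configuration property.
    // NOTE(review): if the WebSession contract treats a negative max idle time as
    // "never expires", a misconfigured value silently disables expiry; confirm, and
    // consider validating the property at startup.
    @Value("${sessionExpireTime}")
    private Long sessionExpireTime;

    /**
     * Sets the session attribute name used to store the security context.
     *
     * <p>The name is recorded both in the parent class and in this class. The original
     * code updated only the parent, so after a call to this setter {@link #save} wrote
     * the context under the default name while the inherited lookup used the new one,
     * and a saved context could no longer be loaded.
     *
     * @param springSecurityContextAttrName the attribute name to use
     */
    @Override
    public void setSpringSecurityContextAttrName(String springSecurityContextAttrName) {
        // Parent first: if it rejects the value by throwing, the local copy stays unchanged.
        super.setSpringSecurityContextAttrName(springSecurityContextAttrName);
        this.springSecurityContextAttrName = springSecurityContextAttrName;
    }

    /**
     * Stores or clears the security context in the current exchange's session.
     *
     * <p>A {@code null} context removes the attribute. A non-null context is stored and
     * the session's max idle time is set to {@code sessionExpireTime} seconds. The
     * timeout is applied here, on save, not on every request.
     *
     * @param exchange the current exchange, whose session is modified
     * @param context the context to store, or {@code null} to remove the stored one
     * @return a {@code Mono} that completes once the session id has been changed
     */
    @Override
    public Mono<Void> save(ServerWebExchange exchange, SecurityContext context) {
        return exchange.getSession()
                .doOnNext(session -> {
                    if (context == null) {
                        session.getAttributes().remove(this.springSecurityContextAttrName);
                    } else {
                        session.getAttributes().put(this.springSecurityContextAttrName, context);
                        // Idle timeout: Duration offers seconds, minutes, days, etc.
                        session.setMaxIdleTime(Duration.ofSeconds(sessionExpireTime));
                    }
                })
                // The id is rotated after the context is written, so the id issued
                // before this save does not carry over to the updated session.
                .flatMap(session -> session.changeSessionId());
    }

    /**
     * Loads the security context for the given exchange by delegating to the parent.
     *
     * <p>This operates on a single exchange and does not enumerate sessions. The
     * original comment said it returns all sessions, which the code does not do.
     *
     * @param exchange the current exchange
     * @return whatever the parent implementation returns for this exchange
     */
    @Override
    public Mono<SecurityContext> load(ServerWebExchange exchange) {
        return super.load(exchange);
    }
}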