我需要在 Spring Security 中实现会话管理,但是在 tomcat 上部署应用程序时出现错误。应用程序正在尝试从属性文件中获取 invalid-session-url 和 expired-url 属性值,但在耗尽时出现错误。
<security:http entry-point-ref="casAuthenticationEntryPoint" auto-config="true">
<security:intercept-url pattern="/*" access="ROLE_USER"/>
<security:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"/>
<security:logout invalidate-session="true" logout-url="/logout" logout-success-url="#{CAS_server}/logout?service=#{CAS_application}/" delete-cookies="JSESSIONID"/>
<security:session-management invalid-session-url="#{CAS_server}/logout?service=#{CAS_application}" session-fixation-protection="newSession" >
<security:concurrency-control max-sessions="1" expired-url="#{CAS_server}/logout?service=#{CAS_application}" error-if-maximum-exceeded="true" />
</security:session-management>
</security:http>
我只在会话管理标签上收到此错误。任何人都有任何想法。