add timeout session

rankin-cms-web/src/main/java/cn/rankin/cmsweb/CmsWebApplication.java

@@ -1,5 +1,6 @@
 package cn.rankin.cmsweb;
 
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;

rankin-cms-web/src/main/java/cn/rankin/cmsweb/configuration/SecurityConfig.java

@@ -13,11 +13,14 @@ import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.security.SecurityProperties;
+import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
+import org.springframework.data.redis.core.RedisOperations;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -38,11 +41,8 @@ import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuc
 import org.springframework.security.web.authentication.session.SessionAuthenticationException;
 import org.springframework.security.web.header.Header;
 import org.springframework.security.web.header.HeaderWriter;
-import org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter;
 import org.springframework.security.web.session.SessionManagementFilter;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.CorsConfigurationSource;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.session.data.redis.RedisOperationsSessionRepository;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.Cookie;
@@ -275,4 +275,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
             HttpUtil.error(request, response, CmsWebAPICode.AUTHORIZED_FAILD);
         }
     }
+
+    @Bean
+    public RedisOperationsSessionRepository sessionRepository(@Qualifier("sessionRedisTemplate") RedisOperations<Object, Object> sessionRedisTemplate,
+                                                              ApplicationEventPublisher applicationEventPublisher) {
+        RedisOperationsSessionRepository sessionRepository = new RedisOperationsSessionRepository(sessionRedisTemplate);
+        sessionRepository.setApplicationEventPublisher(applicationEventPublisher);
+        sessionRepository.setDefaultMaxInactiveInterval(expiration);
+        return sessionRepository;
+    }
 }

rankin-cms-web/src/main/java/cn/rankin/cmsweb/security/JwtAuthenticationTokenFilter.java

@@ -9,7 +9,6 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.NamedThreadLocal;
-import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.web.util.matcher.RequestMatcher;