我要啦免费统计

Redirect After Session Timeout in Spring

Overview

Session management is a crucial part for web applications requires user login. If session is not managed properly, the security of data is directly impacted.

Define session timeout in web.xml

In your Spring configuration file, add the following property:

web.xml
1
2
3
<session-config>
<session-timeout>60</session-timeout>
</session-config>

Change the value in the session-timeout tag to the number of timeout minutes you want to set.

Read More

Load Dojo Modules Conditionally when using Spring Security

Scenario

In a JSP page, I want to load different Dojo modules defined in separate .js files according to the authorization roles determined by Spring Security.

At first glance, it seems that dojo/has fits my need. dojo/has provides feature detection with extensible API. So we can assign difference classes to the body element based on user’s authorization roles, and then define a test for dojo/has, that adds features based on whether the body contains a certain class or not.

Then, we can use

1
2
3
4
require(["dojo/has!feature?package/module:package/other"], function(featureModule){
// If feature is true, package/module loaded
// If feature is false, package/other loaded
});

to load modules conditionally.

However, a vital drawback of this method is that the check is done on the client side, which means the user can modify the body class on the client side to bypass the security mechanism and load the module that the user is not authorized to load. Thus Spring Security taglib is used instead in order to archive the goal.

Read More