I am using Spring Security in Spring Boot to secure my web,but the Authentication stays after I restart server, so ,how to re-authenticate after I reboot my server?
more specific ,I login : http://localhost:8080/ success,now I restart my Spring boot project . Then I refresh that page but no authentication ,also , it's not redirect to login page . I want to know the logic implementation in Spring Security ?
In my view ,when server restart ,all authentication and session should be clear ,But why and how this happened?
I enable sessions :
@Override
protected void configure(HttpSecurity http) throws Exception {
http//.csrf().disable()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/authentication")
.defaultSuccessUrl("/",true)
.permitAll()
.and()
.logout()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
.maximumSessions(1)
.expiredUrl("/login?expired")
.sessionRegistry(sessionRegistry);
And define some beans :
@Bean
public SessionRegistry sessionRegistry() {
return new SessionRegistryImpl();
}
@Bean
public HttpSessionEventPublisher httpSessionEventPublisher() {
return new HttpSessionEventPublisher();
}
I have used user details :
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//Mysql authentication
auth.userDetailsService(userDetailsService)
.passwordEncoder(passwordEncoder());
}
