How to do it...

  1. Simple session handling implementation starts with creating a session as Cookie, which manages a maximum of one session per user access, deletes the session after /logout, and redirects view pages once the session expires or is compromised:
@Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled=true) public class AppSecurityModelG extends WebSecurityConfigurerAdapter { // refer to sources @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.authenticationProvider(authProvider()); auth.eraseCredentials(false); } @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/login**", "/after**").permitAll() ...

Get Spring 5.0 Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.