重启Tomcat后,发现认证还在,就像重新登录一样。但是,在我使用clean tomcat work directory之后,身份验证丢失了(切换回anonymousUser)。
那么Spring Security是如何记住tomcat关闭之间的鉴权的呢?
工作目录中与已删除的身份验证相关的内容是什么?
它与记住我功能有关吗?
最佳答案
Tomcat 在服务器重启之间保持 session 。您可以在 Tomcat configuration 中更改此行为
来自 Tomcat 文档
Whenever Apache Tomcat is shut down normally and restarted, or when an application reload is triggered, the standard Manager implementation will attempt to serialize all currently active sessions to a disk file located via the pathname attribute. All such saved sessions will then be deserialized and activated (assuming they have not expired in the mean time) when the application reload is completed.
关于java - Spring 安全 : The authentication stays after server restart,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/45300759/