1、配置security.sessions策略
#安全配置
security:
sessions: stateless
basic:
enabled: true #启用SpringSecurity的安全配置
user:
name: wendy #认证用户名
password: wendy1 #认证密码
role: #授权
- USER
2、security.sessions策略如下:
always:保存session状态(每次会话都保存,可能会导致内存溢出【Always create an {@link HttpSession}】)
never:不会创建HttpSession,但是会使用已经存在的HttpSession[Spring Security will never create an {@link HttpSession}]
if_required:仅在需要HttpSession创建【Spring Security will only create an {@link HttpSession} if required】
stateless:不会保存session状态【 Spring Security will never create an {@link HttpSession} and it will never use it
* to obtain the {@link SecurityContext}】
注意:stateless策略推荐使用,也是默认配置
3、具体跟查看源代码SecurityProperties.java的配置项