Can I manage multiple browser tabs with Spring Security?

Problem description

I wonder if, with Spring Security, I can validate the user sessions, allowing only one browser tab open. Is it possible?

I would also like to know if I can do it, when the user closes the tab and opens it again before the end of his session SessionFilter it from direct application, without going to the login screen.

I'm using JSF 1.2, RichFaces 3.3.3, Hibernate and co ...

Detail: I know the Spring Security, I'm just researching it.

Now thanks and excuse me for my bad English.

See you!

Recommended answer

No. Spring Security cannot tell if the request was from the original tab or from a new tab - that information is strictly client-side. From http://static.springsource.org/spring-security/site/faq.html :

2.1.

I'm using Spring Security's concurrent session control to prevent users from logging in more than once at a time. When I open another browser window after logging in, it doesn't stop me from logging in again. Why can I log in more than once?

Browsers generally maintain a single session per browser instance. You cannot have two separate sessions at once. So if you log in again in another window or tab you are just reauthenticating in the same session. The server doesn't know anything about tabs, windows or browser instances. All it sees are HTTP requests and it ties those to a particular session according to the value of the JSESSIONID cookie that they contain. When a user authenticates during a session, Spring Security's concurrent session control checks the number of other authenticated sessions that they have. If they are already authenticated with the same session, then re-authenticating will have no effect.
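
The FAQ's reasoning as a small runnable model, added here as an example; it is not part of the original answer and is not Spring Security's code. The `Server` class, its methods and `demo()` are hypothetical names, and the user and cookie jars are constructed sample input: two tabs share one cookie jar and so one session, while a second browser creates a new session that the per-user limit rejects.

```python
import secrets


class Server:
    """Constructed model: a session store plus a per-user session limit."""

    def __init__(self, max_sessions=1):
        self.max_sessions = max_sessions
        self.sessions = {}  # JSESSIONID value -> authenticated user, or None

    def _session_for(self, cookies):
        # The cookie value is the only thing that ties a request to a session;
        # nothing in the request identifies a tab or a window.
        sid = cookies.get("JSESSIONID")
        if sid not in self.sessions:
            sid = secrets.token_hex(16)  # missing or unknown cookie: new session
            self.sessions[sid] = None
        return sid

    def login(self, cookies, user):
        """Handle a login request and return (status, JSESSIONID)."""
        sid = self._session_for(cookies)
        if self.sessions[sid] == user:
            return "already-authenticated", sid  # same session: no effect
        others = [s for s, u in self.sessions.items() if u == user and s != sid]
        if len(others) >= self.max_sessions:
            return "rejected", sid  # user already holds the allowed sessions
        self.sessions[sid] = user
        return "ok", sid

    def authenticated_sessions(self, user):
        return sum(1 for u in self.sessions.values() if u == user)


def demo():
    server = Server(max_sessions=1)
    browser_a = {}  # one cookie jar, shared by every tab of this browser
    status_tab1, sid_tab1 = server.login(browser_a, "alice")
    browser_a["JSESSIONID"] = sid_tab1
    status_tab2, sid_tab2 = server.login(browser_a, "alice")  # second tab
    browser_b = {}  # a different browser has its own, empty cookie jar
    status_other, _ = server.login(browser_b, "alice")
    return (status_tab1, status_tab2, status_other,
            sid_tab1 == sid_tab2, server.authenticated_sessions("alice"))


if __name__ == "__main__":
    print(demo())
```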
