最大会话 1 不适用于 spring boot [英] Max session 1 is not working with spring boot
本文介绍了最大会话 1 不适用于 spring boot的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我想在我的应用程序中只为单个用户限制一个最大会话,其中我使用的是 Spring Boot 和基于 Java 的配置.我使用的是 spring max session 1.但它对我不起作用.这是我基于java的spring配置文件
I want to restrict only one max session for a single user in my application where i am using spring boot and java based config.I used spring max session 1. But its not working for me. This is my java based spring configuration file
package com.prcvideoplt.prc;
import javax.annotation.Resource;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
import org.springframework.security.web.session.HttpSessionEventPublisher;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import com.prcvideoplt.handlers.LoginFailureHandler;
import com.prcvideoplt.handlers.LoginSuccessHandler;
import com.prcvideoplt.handlers.LogoutSuccessHandler;
import com.prcvideoplt.service.security.CompanyBasedCustomFilter;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity
@ComponentScan(basePackages = "com.prcvideoplt")
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Resource(name = "custUserDetails")
private UserDetailsService userDetailsService;
@Override
@Bean
public UserDetailsService userDetailsService() {
return super.userDetailsService();
}
@Bean(name = "passwordEncoder")
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(13);
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Configuration
@Order(value = 1)
public static class UserWebSecurityConfig extends WebSecurityConfigurerAdapter {
@Resource(name = "loginSuccessHandler")
private LoginSuccessHandler loginSuccessHandler;
@Resource(name = "loginFailureHandler")
private LoginFailureHandler loginFailureHandler;
@Resource(name = "logoutSuccesshandler")
private LogoutSuccessHandler logoutSuccesshandler;
@Autowired
DataSource dataSource;
@Autowired
UserDetailsService userDetailsService;
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/assets/**");
}
@Bean
public HttpSessionEventPublisher httpSessionEventPublisher() {
return new HttpSessionEventPublisher();
}
@Bean
public CompanyBasedCustomFilter authenticationFilter() throws Exception {
CompanyBasedCustomFilter authFilter = new CompanyBasedCustomFilter();
authFilter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/authenticate", "POST"));
authFilter.setAuthenticationSuccessHandler(loginSuccessHandler);
authFilter.setAuthenticationFailureHandler(loginFailureHandler);
authFilter.setAuthenticationManager(authenticationManager());
return authFilter;
}
@Override
@Bean(name = "authenticationManager")
protected AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManager();
}
@Bean
public PersistentTokenRepository persistentTokenRepository() {
JdbcTokenRepositoryImpl tokenRepositoryImpl = new JdbcTokenRepositoryImpl();
tokenRepositoryImpl.setDataSource(dataSource);
return tokenRepositoryImpl;
}
@Bean
public SessionRegistry sessionRegistry() {
SessionRegistry sessionRegistry = new SessionRegistryImpl();
return sessionRegistry;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests().antMatchers(new String[]{"/user/**"}).hasRole("USER").antMatchers("/admin/**")
.hasAnyRole(new String[]{"ADMIN", "SUB_ADMIN"}).antMatchers(new String[]{"/**"}).permitAll().anyRequest().authenticated().and()
.formLogin().loginPage("/check-url-pattern").loginProcessingUrl("/authenticate").usernameParameter("username")
.passwordParameter("password").permitAll().and().addFilterBefore(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
.rememberMe().key("rem-me-key").rememberMeParameter("remember-me").rememberMeCookieName("my-remember-me")
.tokenRepository(persistentTokenRepository()).tokenValiditySeconds(86400).and().logout().logoutUrl("/invalidate")
.logoutSuccessHandler(logoutSuccesshandler).invalidateHttpSession(true).and().headers().frameOptions().sameOrigin().and()
.sessionManagement().maximumSessions(1).expiredUrl("/expired").maxSessionsPreventsLogin(true).sessionRegistry(sessionRegistry());
}
}
}
请提出解决方案.
推荐答案
你必须删除
@Bean
public HttpSessionEventPublisher httpSessionEventPublisher() {
return new HttpSessionEventPublisher();
}
这篇关于最大会话 1 不适用于 spring boot的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
