son*_*rin 11 spring-security spring-boot
更新的问题:
我有一个使用EmbeddedTomcat和Spring-Security的spring-boot 1.1.3.RELEASE项目.我暂时发布了这个问题,但是这个问题没有得到解答(对那些看到那篇帖子而且没有意义的人表示道歉.希望这个更好)
这是我的设置: build.gradle:
project.ext {
springBootVersion = '1.1.3.RELEASE'
}
dependencies {
compile("org.springframework.boot:spring-boot-starter-web:$springBootVersion")
compile("org.springframework.boot:spring-boot-starter-thymeleaf")
compile("org.springframework.boot:spring-boot-starter-security")
compile("org.springframework.boot:spring-boot-starter-data-jpa:$springBootVersion")
compile("org.springframework.security:spring-security-web:4.0.0.M1")
compile("org.springframework.security:spring-security-config:4.0.0.M1")
compile('org.thymeleaf.extras:thymeleaf-extras-springsecurity3:2.1.1.RELEASE')
compile("org.hibernate:hibernate-core:4.3.4.Final")
compile("org.hibernate:hibernate-entitymanager:4.3.4.Final")
compile("org.hibernate:hibernate-validator")
compile("com.h2database:h2:1.3.172")
compile("joda-time:joda-time:2.3")
// compile("org.thymeleaf:thymeleaf-spring4")
compile("org.codehaus.groovy.modules.http-builder:http-builder:0.7.1")
compile('org.codehaus.groovy:groovy-all:2.2.1')
compile('org.jadira.usertype:usertype.jodatime:2.0.1')
compile("org.liquibase:liquibase-core")
testCompile('org.spockframework:spock-core:1.0-groovy-2.0-SNAPSHOT') {
exclude group: 'org.codehaus.groovy', module: 'groovy-all'
}
testCompile('org.spockframework:spock-spring:1.0-groovy-2.0-SNAPSHOT') {
exclude group: 'org.spockframework', module: 'spock-core'
exclude group: 'org.spockframework', module: 'spring-beans'
exclude group: 'org.spockframework', module: 'spring-test'
exclude group: 'org.codehaus.groovy', module: 'groovy-all'
}
testCompile("org.springframework.boot:spring-boot-starter-test:$springBootVersion")
testCompile('org.codehaus.groovy.modules.http-builder:http-builder:0.7+')
testCompile("junit:junit")
}
我的主要课程:
@ComponentScan
@EnableAutoConfiguration
@EnableGlobalMethodSecurity(securedEnabled = true)
public class OFAC {
public static void main(String[] args) {
ApplicationContext ofac = SpringApplication.run( OFAC.class, args );
}
}
我的主要配置:
@Configuration
@EnableScheduling
public class OFAConfiguration {
@Autowired
private ConfigurationSettings configurationSettings;
@Bean
@Order(Ordered.HIGHEST_PRECEDENCE)
public EmbeddedServletContainerCustomizer servletContainerCustomizer() {
return new SessionTimeoutEmbeddedServletContainerCustomizer();
}
}
而Marten推荐的embeddedServletContainer:
public class SessionTimeoutEmbeddedServletContainerCustomizer implements EmbeddedServletContainerCustomizer {
@Autowired
private ConfigurationSettings configurationSettings;
@Override
public void customize(ConfigurableEmbeddedServletContainer configurableEmbeddedServletContainer) {
int port = 9000;
TomcatEmbeddedServletContainerFactory tomcat = (TomcatEmbeddedServletContainerFactory) configurableEmbeddedServletContainer;
if ( configurationSettings.getServerPort() != null ) {
port = Integer.parseInt( configurationSettings.getServerPort() );
}
tomcat.setPort( port );
tomcat.addErrorPages( new ErrorPage( HttpStatus.NOT_FOUND, "/notfound.html" ) );
}
}
我的安全配置:
@Configuration
@EnableWebMvcSecurity
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource datasource;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/resources/**").permitAll()
.antMatchers("/css/**").permitAll()
.antMatchers("/libs/**").permitAll();
http
.formLogin().failureUrl("/login?error")
.defaultSuccessUrl("/")
.loginPage("/login")
.permitAll()
.and()
.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/")
.permitAll();
http
.sessionManagement()
.maximumSessions(1)
.expiredUrl("/login?expired")
.maxSessionsPreventsLogin(true)
.and()
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.invalidSessionUrl("/");
http
.authorizeRequests().anyRequest().authenticated();
}
和
@Order(Ordered.HIGHEST_PRECEDENCE)
@Configuration
public class AuthenticationSecurity extends GlobalAuthenticationConfigurerAdapter {
// no code actually
}
在我的application.properties中,我有五分钟的超时:
server.session-timeout=300
当我启动时,我看到以下日志消息:
2014-07-08 14:02:18.735 INFO 69422 --- [ main] ationConfigEmbeddedWebApplicationContext : Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@340b9eec: startup date [Tue Jul 08 14:02:18 MDT 2014]; root of context hierarchy
2014-07-08 14:02:20.827 INFO 69422 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.scheduling.annotation.SchedulingConfiguration' of type [class org.springframework.scheduling.annotation.SchedulingConfiguration$$EnhancerBySpringCGLIB$$75b53f01] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2014-07-08 14:02:20.983 INFO 69422 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration' of type [class org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration$$EnhancerBySpringCGLIB$$6ac51dc6] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2014-07-08 14:02:21.016 INFO 69422 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'transactionAttributeSource' of type [class org.springframework.transaction.annotation.AnnotationTransactionAttributeSource] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2014-07-08 14:02:21.035 INFO 69422 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'transactionInterceptor' of type [class org.springframework.transaction.interceptor.TransactionInterceptor] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2014-07-08 14:02:21.047 INFO 69422 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.transaction.config.internalTransactionAdvisor' of type [class org.springframework.transaction.interceptor.BeanFactoryTransactionAttributeSourceAdvisor] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2014-07-08 14:02:21.097 INFO 69422 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration' of type [class org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration$$EnhancerBySpringCGLIB$$38601c80] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2014-07-08 14:02:21.118 INFO 69422 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'objectPostProcessor' of type [class org.springframework.security.config.annotation.configuration.AutowireBeanFactoryObjectPostProcessor] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2014-07-08 14:02:21.120 INFO 69422 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler@2f8ffdc4' of type [class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2014-07-08 14:02:21.177 INFO 69422 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'authenticationSecurity' of type [class com.edelweissco.ofac.configuration.AuthenticationSecurity$$EnhancerBySpringCGLIB$$85675816] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2014-07-08 14:02:21.199 INFO 69422 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'enableGlobalAuthenticationAutowiredConfigurer' of type [class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration$EnableGlobalAuthenticationAutowiredConfigurer] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2014-07-08 14:02:21.218 INFO 69422 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration' of type [class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration$$EnhancerBySpringCGLIB$$2da1b835] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2014-07-08 14:02:21.219 INFO 69422 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration' of type [class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration$$EnhancerBySpringCGLIB$$c09573b2] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2014-07-08 14:02:21.250 INFO 69422 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'methodSecurityMetadataSource' of type [class org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2014-07-08 14:02:21.258 INFO 69422 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'metaDataSourceAdvisor' of type [class org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2014-07-08 14:02:21.934 INFO 69422 --- [ main] .t.TomcatEmbeddedServletContainerFactory : Server initialized with port: 9001
2014-07-08 14:02:22.213 INFO 69422 --- [ main] o.apache.catalina.core.StandardService : Starting service Tomcat
2014-07-08 14:02:22.213 INFO 69422 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet Engine: Apache Tomcat/7.0.54
2014-07-08 14:02:22.363 INFO 69422 --- [ost-startStop-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2014-07-08 14:02:22.364 INFO 69422 --- [ost-startStop-1] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 3631 ms
2014-07-08 14:02:24.157 INFO 69422 --- [ost-startStop-1] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@6e3afd5, org.springframework.security.web.context.SecurityContextPersistenceFilter@96219e4, org.springframework.security.web.header.HeaderWriterFilter@12cad708, org.springframework.security.web.csrf.CsrfFilter@78688290, org.springframework.security.web.authentication.logout.LogoutFilter@655490cd, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@331b7b16, org.springframework.security.web.session.ConcurrentSessionFilter@5d42f8e3, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@750bff35, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@1dd0a8c0, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@4e2ccc7b, org.springframework.security.web.session.SessionManagementFilter@7b54be6d, org.springframework.security.web.access.ExceptionTranslationFilter@5497e581, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@16254dd7]
2014-07-08 14:02:24.242 INFO 69422 --- [ost-startStop-1] o.s.b.c.e.ServletRegistrationBean : Mapping servlet: 'dispatcherServlet' to [/]
2014-07-08 14:02:24.244 INFO 69422 --- [ost-startStop-1] o.s.b.c.embedded.FilterRegistrationBean : Mapping filter: 'springSecurityFilterChain' to: [/*]
2014-07-08 14:02:24.244 INFO 69422 --- [ost-startStop-1] o.s.b.c.embedded.FilterRegistrationBean : Mapping filter: 'hiddenHttpMethodFilter' to: [/*]
..
2014-07-08 14:02:31.240 INFO 69422 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2014-07-08 14:02:31.357 INFO 69422 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/about],methods=[GET],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public java.lang.String com.edelweissco.ofac.controller.AboutController.get(org.springframework.ui.Model)
2014-07-08 14:02:31.357 INFO 69422 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/admin],methods=[GET],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public java.lang.String com.edelweissco.ofac.controller.AdminController.displayUpload(org.springframework.ui.Model)
2014-07-08 14:02:31.358 INFO 69422 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/upload],methods=[GET],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public java.lang.String com.edelweissco.ofac.controller.CustomerDataController.displayUpload(org.springframework.ui.Model)
2014-07-08 14:02:31.358 INFO 69422 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/customerFile],methods=[POST],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public java.lang.String com.edelweissco.ofac.controller.CustomerDataController.handleFileUpload(org.springframework.web.multipart.MultipartFile,org.springframework.ui.Model,org.springframework.security.core.Authentication)
2014-07-08 14:02:31.358 INFO 69422 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/fileDownloadService],methods=[],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public java.util.List<java.lang.String> com.edelweissco.ofac.controller.FileDownloadController.index()
2014-07-08 14:02:31.359 INFO 69422 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/search],methods=[GET],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public java.lang.String com.edelweissco.ofac.controller.SearchController.getSearchCustomerForm(org.springframework.ui.Model)
2014-07-08 14:02:31.359 INFO 69422 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/searchTreasuryData],methods=[POST],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public java.lang.String com.edelweissco.ofac.controller.SearchController.searchTreasury(com.edelweissco.ofac.model.SdnSearch,org.springframework.ui.Model)
2014-07-08 14:02:31.360 INFO 69422 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/status],methods=[GET],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public java.lang.String com.edelweissco.ofac.controller.StatusController.get(org.springframework.ui.Model)
2014-07-08 14:02:31.360 INFO 69422 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/refreshData],methods=[POST],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public java.lang.String com.edelweissco.ofac.controller.StatusController.searchCustomer(org.springframework.ui.Model)
2014-07-08 14:02:31.366 INFO 69422 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error],methods=[],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
2014-07-08 14:02:31.366 INFO 69422 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error],methods=[],params=[],headers=[],consumes=[],produces=[text/html],custom=[]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest)
2014-07-08 14:02:31.379 INFO 69422 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/about] onto handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2014-07-08 14:02:31.380 INFO 69422 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/status] onto handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2014-07-08 14:02:31.380 INFO 69422 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/home] onto handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2014-07-08 14:02:31.380 INFO 69422 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/login] onto handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2014-07-08 14:02:31.380 INFO 69422 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/search] onto handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2014-07-08 14:02:31.380 INFO 69422 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/upload] onto handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2014-07-08 14:02:31.380 INFO 69422 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Root mapping to handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2014-07-08 14:02:31.380 INFO 69422 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/admin] onto handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2014-07-08 14:02:31.397 INFO 69422 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2014-07-08 14:02:31.397 INFO 69422 --- [ main] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped URL path [/webjars/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2014-07-08 14:02:32.907 INFO 69422 --- [ main] o.s.j.e.a.AnnotationMBeanExporter : Registering beans for JMX exposure on startup
2014-07-08 14:02:33.112 INFO 69422 --- [ main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 9001/http
2014-07-08
所以我能够登录.但如果保持不活动状态,我仍然登录并能够使用完整的授权功能.我尝试使用来自两个不同浏览器的相同凭据登录,第二次尝试失败并显示"无效的用户名/密码",因此我认为正在拾取并发会话设置.FireBug或浏览器开发工具没有选择任何AJAX调用.
任何人都可以看到错误是什么?
son*_*rin 12
因此,为了让嵌入式Tomcat遵守会话超时,当您使用该server.session-timeout值时,请在几分钟而不是几秒钟内使用它.我以前的尝试是使用server.session-timeout = 300,等待至少45分钟后,超时从未发生过.但是,我将HttpSessionListener带有system.outs的bean 添加到sessionCreated()和sessionDestroyed()上的消息.使用application.properties设置,server.session-timeout=5我看到会话在5分钟不活动后被破坏.
所以,我现在可以用这些参数控制会话长度.感谢M. Deinum和Dave Sayers的帮助和建议.如果没有别的,你真的帮我清理了我的代码并更了解Spring.
我建议你看一下这个,它解释了如何修改嵌入式tomcat。让 spring boot 执行此操作并使用 aEmbeddedServletContainerCustomizer来修改您需要的内容,而不是尝试引导您自己的容器。
public class SessionTimeoutEmbeddedServletContainerCustomizer implements EmbeddedServletContainerCustomizer {
@Override
public void customize(ConfigurableEmbeddedServletContainer configurableEmbeddedServletContainer) {
TomcatEmbeddedServletContainerFactory tomcat = (TomcatEmbeddedServletContainerFactory) configurableEmbeddedServletContainer;
tomcat.setSessionTimeout(30, TimeUnit.MINUTES);
tomcat.addErrorPages(new ErrorPage(HttpStatus.NOT_FOUND, "/notfound.html"));
}
}
然后从配置中删除容器,并将其替换为@Bean构造此定制器的方法。(我可能会将其作为一种@Bean方法添加到入门类中,这样您就可以在一个类中拥有与引导应用程序相关的所有内容!)。
@Configuration
public class OFAConfiguration {
@Bean
public EmbeddedServletContainerCustomizer servletContainerCustomizer() {
return new SessionTimeoutEmbeddedServletContainerCustomizer();
}
}
这样做的优点是 Spring Boot 仍然通过 servlet 容器发挥其所有魔力,而您只需修改需要的内容。
我首先注意到的其他一些事情是,您的依赖项有点混乱,并且您的配置包含太多内容。
依赖关系
配置
您的配置包含多个@EnableJpaRepositories您可以删除的配置,因为 Spring Boot 会检测到 Spring Data JPA 的存在,并将为您以及@EnableTransactionManagement
您的主类扩展WebMvcConfigurerAdapter不需要,因为 Spring Boot 也会检测和配置它。
@ComponentScan
@EnableAutoConfiguration
@EnableGlobalMethodSecurity(securedEnabled = true)
public class OFAC {
public static void main(String[] args) {
ApplicationContext ofac = SpringApplication.run( OFAC.class, args );
}
}
这应该是您入门课程所需的全部内容。
| 归档时间: |
|
| 查看次数: |
45821 次 |
| 最近记录: |