Lee*_*이민규 5 java session spring spring-mvc spring-security
对不起,我的英语还不太好.请耐心等待,我希望你能理解我的问题..
我有两个Web服务器.(每个Web应用程序都是相同的)
Web服务器共享一个redis服务器.我使用Spring Security和Spring Session.当我登录第一台服务器并访问第二台服务器时,我想自动登录第二台服务器,但事实并非如此.
我猜,因为会话ID不同于不同的服务器ip.
<!-- The definition of the Root Spring Container shared by all Servlets
and Filters -->
<!-- Loads Spring Security config file -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/root-context.xml,
/WEB-INF/spring/spring-security.xml,
/WEB-INF/spring/jedis.xml
</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Encoding -->
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>utf-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Session Filter -->
<filter>
<filter-name>springSessionRepositoryFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSessionRepositoryFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<bean id="jedisConnectionFactory" class="org.springframework.data.redis.connection.jedis.JedisConnectionFactory">
<property name="hostName" value=""<!-- My Server IP --> />
<property name="port" value="6379" />
<property name="poolConfig" ref="redisPoolConfig" />
</bean>
<bean id="redisPoolConfig" class="redis.clients.jedis.JedisPoolConfig">
<property name="testOnBorrow" value="true" />
<property name="minEvictableIdleTimeMillis" value="60000" />
<property name="softMinEvictableIdleTimeMillis" value="1800000" />
<property name="numTestsPerEvictionRun" value="-1" />
<property name="testOnReturn" value="false" />
<property name="testWhileIdle" value="true" />
<property name="timeBetweenEvictionRunsMillis" value="30000" />
</bean>
<!-- string serializer to make redis key more readible -->
<bean id="stringRedisSerializer"
class="org.springframework.data.redis.serializer.StringRedisSerializer" />
<!-- redis template definition -->
<bean id="redisTemplate" class="org.springframework.data.redis.core.RedisTemplate" >
<property name="connectionFactory" ref="jedisConnectionFactory" />
<property name="keySerializer" ref="stringRedisSerializer" />
<property name="hashKeySerializer" ref="stringRedisSerializer" />
</bean>
<http pattern="/resources/**" security="none" />
<http auto-config="true" >
<session-management session-fixation-protection="changeSessionId">
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/> <!-- I couldn't clear understand of this element-->
</session-management>
<intercept-url pattern="/" access="ROLE_ANONYMOUS, ROLE_USER" />
<intercept-url pattern="/perBoard" access="ROLE_ANONYMOUS, ROLE_USER" />
<intercept-url pattern="/per" access="ROLE_ANONYMOUS, ROLE_USER" />
<intercept-url pattern="/perSearchTag" access="ROLE_ANONYMOUS, ROLE_USER" />
<intercept-url pattern="/**" access="ROLE_USER" />
<form-login login-page="/"
authentication-success-handler-ref="loginSuccessHandler"
authentication-failure-handler-ref="loginFailureHandler"
always-use-default-target="true"
username-parameter="j_username"
password-parameter="j_password"/>
<!-- default-target-url="/board" -->
<logout logout-success-url="/" invalidate-session="true" delete-cookies="true" />
</http>
<authentication-manager>
<authentication-provider user-service-ref="userDetailsService" />
</authentication-manager>
<beans:bean id="loginSuccessHandler" class=".......LoginSuccessHandler">
<beans:property name="sqlSession" ref="sqlSession" />
</beans:bean>
<beans:bean id="loginFailureHandler" class=".......LoginFailureHandler" />
<beans:bean id="userDetailsService" class="......UserDetailsServiceImpl">
<beans:property name="sqlSession" ref="sqlSession" />
</beans:bean>
这似乎是个老问题.但是,看起来有可能实现想要的行为.查看http://docs.spring.io/spring-session/docs/current/reference/html5/guides/security.html了解更多详情
<bean id="redisConnectionFactory" class="org.springframework.data.redis.connection.jedis.JedisConnectionFactory">
<property name="port" value="${app.redis.port}" />
<property name="hostName" value="${app.redis.hostname}" />
</bean>
<context:annotation-config />
<bean
class="org.springframework.session.data.redis.config.annotation.web.http.RedisHttpSessionConfiguration"/>
上面将创建与Redis服务器的连接,并将创建一个名为bean的bean springSessionRepositoryFilter,它将取代常规HttpSession实现.
可以spring filter通过使用org.springframework.security.web.FilterChainProxy
ie 创建:
<b:bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
<filter-chain-map request-matcher="ant">
<filter-chain pattern="/somelocation/" filters="none" />
<filter-chain pattern="/someotherlocation"
filters="springSessionRepositoryFilter, somemorespring filters"/>
</filter-chain-map>
</b:bean>
注意:过滤器的顺序spring security很重要,不在本答复中.但是为了能够使用spring Session和redis,第一个过滤器就是springSessionRepositoryFilter.有关这方面的更多信息,请访问http://docs.spring.io/spring-security/site/docs/3.0.x/reference/security-filter-chain.html
编辑 web.xml
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter- class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
这将允许在任何过滤器之前tomcat使用springSecurityFilterChain,因此它将允许springSessionRepositoryFilter成为第一个过滤器.这将带来Spring session魔术session从redisdb 获得
使用Spring session + spring securityout custom spring filters可以在http://www.jayway.com/2015/05/31/scaling-out-with-spring-session/找到
| 归档时间: |
|
| 查看次数: |
11189 次 |
| 最近记录: |