那些遇到过的问题

Spring Security基本配置

dan*_*nik 7 configuration spring spring-mvc spring-security

我想通过以下方式使用Spring安全性配置spring MVC应用程序.

  1. 只允许一个并发登录.
  2. 当HTTP会话到期时,用户将被重定向到/security/sessionTimeout.html
  3. 当用户登录成功时,他将被重定向到"/"文件夹.
  4. 当用户注销时,他也将被重定向到"/".

我按以下方式配置它:

   <security:http>
 <security:form-login login-page="/security/login.html" login-processing-url="/login" authentication-failure-url="/login.jsp?login_error=1" default-target-url="/"/> 
  <security:session-management invalid-session-url="/security/sessionTimeout.html">
        <security:concurrency-control max-sessions="1" />
    </security:session-management>
  <security:logout logout-url="/logout" logout-success-url="/"/>
    </security:http>
Run Code Online (Sandbox Code Playgroud)

我有以下问题:

  1. 我能够在2个不同的浏览器上使用相同的帐户登录(没有并发控制工作)
  2. 当我点击退出时,我被重定向到"/security/sessionTimeout.html"而不是"/".

我遵循了Spring安全参考指南.我究竟做错了什么?

更新: 这是我的web.xml的样子.

 <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
</filter-mapping>

<listener>
  <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>WEB-INF/springSecurity-servlet.xml</param-value>
</context-param>
 <display-name>SpringSecurity</display-name>
    <servlet>
    <servlet-name>springSecurity</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>springSecurity</servlet-name>
    <url-pattern>*.html</url-pattern>
  </servlet-mapping>
   <servlet-mapping>
    <servlet-name>springSecurity</servlet-name>
    <url-pattern>*.do</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>springSecurity</servlet-name>
    <url-pattern>/index.html</url-pattern>
  </servlet-mapping>
   <welcome-file-list>
    <welcome-file>index.html</welcome-file>
  </welcome-file-list>
Run Code Online (Sandbox Code Playgroud)

更新2:只需在调试模式下运行log4j,这是我点击注销时得到的:

DEBUG [http-8080-2] (FilterChainProxy.java:375) - /index.html at position 1 of 11 in additional filter chain; firing Filter: 'ConcurrentSessionFilter'
DEBUG [http-8080-2] (FilterChainProxy.java:375) - /index.html at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
DEBUG [http-8080-2] (HttpSessionSecurityContextRepository.java:130) - No HttpSession currently exists
    DEBUG [http-8080-2] (HttpSessionSecurityContextRepository.java:88) - No SecurityContext was available from the HttpSession: null. A new one will be created.
    DEBUG [http-8080-2] (FilterChainProxy.java:375) - /index.html at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
    DEBUG [http-8080-2] (FilterChainProxy.java:375) - /index.html at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
    DEBUG [http-8080-2] (FilterChainProxy.java:375) - /index.html at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
    DEBUG [http-8080-2] (FilterChainProxy.java:375) - /index.html at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
    DEBUG [http-8080-2] (FilterChainProxy.java:375) - /index.html at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
    DEBUG [http-8080-2] (FilterChainProxy.java:375) - /index.html at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
    DEBUG [http-8080-2] (AnonymousAuthenticationFilter.java:67) - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
    DEBUG [http-8080-2] (FilterChainProxy.java:375) - /index.html at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
    DEBUG [http-8080-2] (SessionManagementFilter.java:87) - Requested session IDD8429BBAAA9561A97E1D2350ED63BC35 is invalid.
    DEBUG [http-8080-2] (SessionManagementFilter.java:90) - Starting new session (if required) and redirecting to '/security/sessionTimeout.html'
Run Code Online (Sandbox Code Playgroud)

感觉就像我应用了会话管理过滤器/index.html,然后没有会话存在.我怎么解决呢?

mat*_*t b 2

来自Spring Security 文档

要使用并发会话支持,您需要将以下内容添加到 web.xml:

<listener>
  <listener-class>
    org.springframework.security.web.session.HttpSessionEventPublisher
  </listener-class>
</listener>
Run Code Online (Sandbox Code Playgroud)

你添加这个了吗?

归档时间:

查看次数:

2697 次

最近记录:

9 年,7 月 前
相关归档
Spring boot 1.4测试:配置错误:找到了@BootstrapWith的多个声明 23
使用 webflux 时无法在 localhost:8080/h2-console 访问 H2 db 12
不同文件类型有不同的 Prettier 规则? 11
Tomcat为每个请求创建一个新会话 8
绑定Spring MVC中的列表映射 7
在Maven中设置环境变量 7
JSTL变量未在EL中显示 6
用户名密码验证过滤器问题 5
使用OAuth2在Javascript中下载文件 5
@NotNull、@Email 注释不起作用 4
难疑归档
在Python中手动引发(抛出)异常 2079
我怎样才能过渡高度:0; 高度:自动; 用CSS? 1985
在Git中撤消一个文件的工作副本修改? 1550
在Node.js中编写文件 1538
如何知道对象在Python中是否具有属性 1491
int32的最大值是多少? 1383
const和readonly有什么区别? 1269
在文本框中的Enter键上使用JavaScript触发按钮单击 1250
在Node.js中读取环境变量 1240
如何使用jQuery设置/取消设置cookie? 1209