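java - Spring session concurrency

Tags: java spring-mvc spring-security session-management

I want to use Spring Security to handle session concurrency. I want to prevent logins to the same account. So far, what I have done is the authentication part, by implementing AuthenticationProvider. I overrode the authenticate() method, and I think the authentication process is fine now. My next step is to add session concurrency. I have added this to my Spring XML: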

<beans:bean id="loginAuthenticator" class="[...]" />

<sec:http auto-config='true'>
    <sec:intercept-url pattern="/login.do" access="IS_AUTHENTICATED_ANONYMOUSLY" />  
    <sec:intercept-url pattern="/**" access="ROLE_USER" />
    <sec:form-login login-page="/login.do" login-processing-url="/j_spring_security_check" default-target-url='/home.do' always-use-default-target='true'/>
    <sec:logout logout-success-url="/login.do"/>

    <sec:session-management session-fixation-protection="migrateSession" session-authentication-error-url="/login.do" invalid-session-url="/login.do">  
        <sec:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />  
    </sec:session-management>
</sec:http>

<sec:authentication-manager>
    <sec:authentication-provider ref='loginAuthenticator' />
</sec:authentication-manager>

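I tried logging in to the same account, but I was still able to get through. Can you tell me what I am missing? Is there anything I need to implement or extend? Is my XML configuration wrong?

Thanks.

Edit: logs as requested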

INFO: Initializing Coyote HTTP/1.1 on http-8080
Apr 04, 2013 4:40:15 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
INFO : com.addressbook.controllers.LoginController - ----------> LoginController - displayLoginPage()
INFO : com.addressbook.security.LoginAuthenticator - ----------> authenticate() - authenticating user credentials
INFO : com.addressbook.utils.HashService - ----------> finally block hashing function
INFO : com.addressbook.security.LoginAuthenticator - ----------> username: testuser1
INFO : com.addressbook.security.LoginAuthenticator - ----------> password: 6ca13d52ca70c883e0f0bb101e425a89e8624de51db2d2392593af6a84118090
INFO : com.addressbook.security.LoginAuthenticator - ----------> user xml file path: C:\Users\jlim\addressbook\xml\users.xml
INFO : com.addressbook.security.LoginAuthenticator - ----------> reached finally block fetchUsers: [com.addressbook.pojos.User@2061b97c, com.addressbook.pojos.User@6fd88c7f, com.addressbook.pojos.User@71f01f36]
INFO : com.addressbook.security.LoginAuthenticator - ----------> user exists?: true
INFO : com.addressbook.controllers.LoginController - ----------> LoginController - showHomePage()
INFO : com.addressbook.controllers.LoginController - ----------> LoginController - user from session: testuser1
INFO : com.addressbook.dao.impl.ContactDaoImpl - ----------> contacts xml file path: C:\Users\jlim\addressbook\xml\contacts.xml
INFO : com.addressbook.dao.impl.ContactDaoImpl - ----------> reached finally block fetchContactsFromXml(): [com.addressbook.pojos.Contact@32983d64, com.addressbook.pojos.Contact@28e68a2f, com.addressbook.pojos.Contact@377a28a3]
INFO : com.addressbook.controllers.LoginController - ----------> LoginController - displayLoginPage()
INFO : com.addressbook.security.LoginAuthenticator - ----------> authenticate() - authenticating user credentials
INFO : com.addressbook.utils.HashService - ----------> finally block hashing function
INFO : com.addressbook.security.LoginAuthenticator - ----------> username: testuser1
INFO : com.addressbook.security.LoginAuthenticator - ----------> password: 6ca13d52ca70c883e0f0bb101e425a89e8624de51db2d2392593af6a84118090
INFO : com.addressbook.security.LoginAuthenticator - ----------> user xml file path: C:\Users\jlim\addressbook\xml\users.xml
INFO : com.addressbook.security.LoginAuthenticator - ----------> reached finally block fetchUsers: [com.addressbook.pojos.User@5bdb1d55, com.addressbook.pojos.User@e62e690, com.addressbook.pojos.User@7f0eff50]
INFO : com.addressbook.security.LoginAuthenticator - ----------> user exists?: true
INFO : com.addressbook.controllers.LoginController - ----------> LoginController - showHomePage()
INFO : com.addressbook.controllers.LoginController - ----------> LoginController - user from session: testuser1
INFO : com.addressbook.dao.impl.ContactDaoImpl - ----------> contacts xml file path: C:\Users\jlim\addressbook\xml\contacts.xml
INFO : com.addressbook.dao.impl.ContactDaoImpl - ----------> reached finally block fetchContactsFromXml(): [com.addressbook.pojos.Contact@2971bd51, com.addressbook.pojos.Contact@6a442618, com.addressbook.pojos.Contact@20212829]

Best answer

Did you add the listener in web.xml?:

<listener>
    <listener-class>
        org.springframework.security.web.session.HttpSessionEventPublisher
    </listener-class>
</listener> 

Also, take a look at the documentation (version 3.2, but it is the same for 3.x)
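
Added example (not part of the original question or answer, and not Spring Security source code): a simplified model of the bookkeeping behind max-sessions="1" with error-if-maximum-exceeded="true", and of what the session-destroyed notification published by HttpSessionEventPublisher is used for. The class and method names are hypothetical; only the two attribute names and the test user name come from the post.

```java
import java.util.*;

// Simplified model of session concurrency control; all names here are hypothetical.
public class ConcurrencyControlModel {
    // principal -> ids of the sessions currently registered for it.
    // Keys are compared with equals()/hashCode(), as in any hash map.
    private final Map<Object, Set<String>> sessions = new HashMap<>();
    private final int maxSessions;
    private final boolean errorIfMaximumExceeded;

    ConcurrencyControlModel(int maxSessions, boolean errorIfMaximumExceeded) {
        this.maxSessions = maxSessions;
        this.errorIfMaximumExceeded = errorIfMaximumExceeded;
    }

    // Runs after a successful authenticate(): count the principal's sessions first.
    void onLogin(Object principal, String sessionId) {
        Set<String> ids = sessions.computeIfAbsent(principal, p -> new LinkedHashSet<>());
        if (!ids.contains(sessionId) && ids.size() >= maxSessions) {
            if (errorIfMaximumExceeded) {
                throw new IllegalStateException("Maximum sessions of " + maxSessions
                        + " exceeded for " + principal);
            }
            // With the flag set to false the oldest session is displaced instead
            // (modelled here as plain removal).
            Iterator<String> oldest = ids.iterator();
            oldest.next();
            oldest.remove();
        }
        ids.add(sessionId);
    }

    // What a session-destroyed event leads to: the slot is released.
    void onSessionDestroyed(String sessionId) {
        sessions.values().forEach(ids -> ids.remove(sessionId));
    }

    boolean tryLogin(Object principal, String sessionId) {
        try { onLogin(principal, sessionId); return true; }
        catch (IllegalStateException e) { return false; }
    }

    public static void main(String[] args) {
        ConcurrencyControlModel model = new ConcurrencyControlModel(1, true);
        System.out.println("first login:           " + model.tryLogin("testuser1", "S1"));
        System.out.println("second, concurrent:    " + model.tryLogin("testuser1", "S2"));
        // S1 ends (logout or timeout). Until the destroy event arrives, the slot stays taken.
        System.out.println("after S1 ended, no event: " + model.tryLogin("testuser1", "S3"));
        model.onSessionDestroyed("S1");
        System.out.println("after destroy event:   " + model.tryLogin("testuser1", "S3"));
    }
}
```

Saved as ConcurrencyControlModel.java, it runs with `java ConcurrencyControlModel.java` on Java 11 or later and needs no Spring dependency.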

Regarding java - Spring session concurrency, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/15606085/
