zoukankan      html  css  js  c++  java
  • SpringSecurity3.X

    http://hanqunfeng.iteye.com/blog/1163284

    http://www.iteye.com/topic/1117066

    直接说问题吧,就是希望同一时间相同的用户只能有一个访问系统,我理所当然的想到了session-management,在使用SpringSecurity2.x时,直接配置如下即可:

     <sec:http entry-point-ref="casProcessingFilterEntryPoint" 

        access-denied-page="/access/denied.do" 

        access-decision-manager-ref="accessDecisionManager" auto-config="false">

           …………………………

        &nbsp;<sec:concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="false" expired-url="/access/same_login.do" />

     </sec:http>

    也就是说,相同的用户在第二次登录后,那么第一次登录就会失效,需要重新获取认证。

    在使用SpringSecurity3.X时,我尝试配置如下:

    <http entry-point-ref="casEntryPoint" access-decision-manager-ref="accessDecisionManager"

    access-denied-page="/access/denied.do" auto-config="false">

                     …………………………

       &nbsp;          <session-management> 

                         <concurrency-control max-sessions="1" expired-url="/access/same_login.do" 

          error-if-maximum-exceeded="false" /> 

                  </session-management> 

    <custom-filter position="CAS_FILTER" ref="casFilter" />

    <custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />

    <custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />

    </http>

    结果发现并没有起作用,查看了一下源码,基本上搞清楚了原因,下面是session管理相关的时序图:

    从图中可以看出,验证的关键就是ConcurrentSessionControlStrategy

    CasAuthenticationFilter继承于AbstractAuthenticationProcessingFilter,可是后者默认使用的不是ConcurrentSessionControlStrategy,而是NullAuthenticatedSessionStrategy,该类什么都没做,所以,上面的配置根本不会起作用,

    那么要想使session-management真正起作用,我们该如何做呢?

    首先,必须为CasAuthenticationFilter注入一个ConcurrentSessionControlStrategy,

    然后,ConcurrentSessionControlStrategy和ConcurrentSessionFilter又需要使用相同的SessionRegistryImpl,所以我们只需要将这些bean显示声明即可。

    参看了一下SpringSecurity3.X的官方帮助文件,修改配置如下:

    <http entry-point-ref="casEntryPoint" access-decision-manager-ref="accessDecisionManager"

    access-denied-page="/access/denied.do" auto-config="false">

    …………………………

    <session-management

    session-authentication-strategy-ref="sessionAuthenticationStrategy" />

    <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />

    <custom-filter position="CAS_FILTER" ref="casFilter" />

    <custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />

    <custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />

    </http>

    <beans:bean id="sessionAuthenticationStrategy"

    class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">

    <beans:constructor-arg name="sessionRegistry"

    ref="sessionRegistry" />

    <beans:property name="maximumSessions" value="1" />

    </beans:bean>

    <beans:bean id="sessionRegistry"

    class="org.springframework.security.core.session.SessionRegistryImpl" />

    <beans:bean id="concurrencyFilter"

    class="org.springframework.security.web.session.ConcurrentSessionFilter">

    <beans:property name="sessionRegistry" ref="sessionRegistry" />

    <beans:property name="expiredUrl" value="/session-expired.htm" />

    </beans:bean>

    <!-- cas 认证过滤器 -->

    <beans:bean id="casFilter"

    class="org.springframework.security.cas.web.CasAuthenticationFilter">

    <beans:property name="authenticationManager" ref="authenticationManager" />

    <beans:property name="authenticationFailureHandler"

    ref="authenticationFailureHandler" />

    <beans:property name="authenticationSuccessHandler"

    ref="authenticationSuccessHandler" />

    <beans:property name="filterProcessesUrl" value="/j_spring_cas_security_check.do" />

    <beans:property name="sessionAuthenticationStrategy"

    ref="sessionAuthenticationStrategy" />

    </beans:bean>


  • 相关阅读:
    附近有什么?8款可以查周边的App
    实体店里充话费要怎么弄
    怎样买手机号?
    手机号是SIM卡的号呢,还是买手机时就带的
    网站SSL证书在线检测
    未来什么行业最赚钱
    陈安之-如何选择最赚钱的行业
    斗鱼宣布获C轮15亿融资 直播行业进入资本时代
    2016年Godaddy最新域名转出教程
    GoDaddy账户间域名转移PUSH以及ACCEPT接受域名过户方法
  • 原文地址:https://www.cnblogs.com/danghuijian/p/4400050.html
Copyright © 2011-2022 走看看