失效會話彈簧安全

我的Web應用程序使用spring安全性在登錄時對用戶進行身份驗證。我也有併發控制，以避免用戶在不同的機器上登錄兩次。這工作正常，但我的問題是：如果用戶在一臺機器上登錄，然後關閉瀏覽器。然後他重新打開Web應用程序，嘗試再次登錄，他得到以下消息「超出此主體的最大會話數爲1」。我想讓瀏覽器關閉的會話無效。我怎樣才能做到這一點？失效會話彈簧安全

彈簧security.xml文件

 <?xml version="1.0" encoding="UTF-8"?> 
      <beans xmlns="http://. www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/. XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
         http://www.springframework.org/schema/beans/spring-beans.xsd 
         http://www.springframework.org/schema/security 
         http://www.springframework.org/schema/security/. spring-security-3.1.xsd"> 

    <security:global-method-security 
     secured-annotations="enabled" /> 

    <security:http auto-config="false" 
     authentication-manager-ref="authenticationManager" use-expressions="true"> 
     <!-- Override default login and logout pages --> 
     <security:form-login 
       authentication-failure-handler-ref="fail" 
       authentication-success-handler-ref="success" login-page="/car/login.xhtml" 
       default-target-url="/jsf/car/home.xhtml" /> 
     <security:logout invalidate-session="true" 
       logout-url="/j_spring_security_logout" success-handler-ref="customLogoutHandler" delete-cookies="JSESSIONID"/> 
     <security:session-management> 
       <security:concurrency-control 
        max-sessions="1" error-if-maximum-exceeded="true" /> 
     </security:session-management> 
     <security:intercept-url pattern="/jsf/**" 
       access="isAuthenticated()" /> 
     <security:intercept-url pattern="/run**" 
       access="isAuthenticated()" /> 
     <security:intercept-url pattern="/pages/login.xhtml" 
       access="permitAll" /> 
    </security:http> 

    <bean id="success" class="com.car.LoginSuccess" /> 

    <bean id="fail" class="com.car.LoginFailed"> 
     <property name="defaultFailureUrl" value="/?login_error=true" /> 
    </bean> 
    <bean id="passwordEncoder" 
     class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" /> 

    <security:authentication-manager alias="authenticationManager"> 
     <security:authentication-provider 
       user-service-ref="userDetailsService"> 
       <security:password-encoder ref="passwordEncoder" 
        hash="sha" /> 
     </security:authentication-provider> 
    </security:authentication-manager>

public class FilterToGetTimeOut extends OncePerRequestFilter { 

@Override 
public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException { 
    try { 
     if(request.getRequestURI().equals("/") || request.getRequestURI().equals("/car/login.xhtml")){ 
      if(request.getSession().getAttribute("login") != null && (Boolean)request.getSession().getAttribute("login") == true){ 
       response.sendRedirect("/jsf/car/home.xhtml");  //After login page 
      } 
     } else if(request.getSession().getAttribute("login") == null && !request.getRequestURI().equals("/j_spring_security_logout")){ 
      response.sendRedirect(request.getContextPath()+"/?timeout=true"); //If timeout is true send session timeout error message to JSP 
     } 
     filterChain.doFilter(request, response); 
    } catch (Exception e) { 
     //Log Exception 

    } 
}

來源

2016-06-14 Alina

你能告訴彈簧security.xml文件？ –

查看編輯後。併發控制效果很好。我不認爲關閉瀏覽器問題與xml文件有關。 – Alina

...試試吧..add invalid-session-url –

添加以下代碼"/"（第一頁）請求和logout請求。

@Controller 
public class LoginController { 

    @RequestMapping(value = "/", method = RequestMethod.GET) 
    public ModelAndView loadApp(HttpServletRequest request) { 
     HttpSession session= request.getSession(false); 
     SecurityContextHolder.clearContext(); 
     if(session != null) { 
      session.invalidate(); 
     } 

     return new ModelAndView("/car/login"); 
    } 
}

使用此過濾器How to get session time out message using Spring security

來源

2016-06-16 07:23:07

時，我沒有明白您的意思。在哪裏準確添加？ – Alina

@RequestMapping（value =「/」，method = RequestMethod.GET）...在這個請求方法 –

CAn您請給我提供完整的類和附加代碼嗎？謝謝 – Alina

失效會話彈簧安全

回答

相關問題