
sessionRegistry is empty when I use ConcurrentSessionControlAuthenticationStrategy instead of ConcurrentSessionControlStrategy

柯永福
2023-03-14
Question

Inside the http tag I have written:

I have the following sas bean:

 <beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
        <beans:constructor-arg  ref="sessionRegistry" />
        <beans:property name="maximumSessions" value="1" />
    </beans:bean>

In code, I get information from the registry:

@Autowired
private SessionRegistry sessionRegistry;
....
    sessionRegistry.getAllPrincipals()

This works now.

But the problem is that the class org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy is deprecated.

I replaced the sas bean like this:

<beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy">
    <beans:constructor-arg  ref="sessionRegistry" />
    <beans:property name="maximumSessions" value="1" />
</beans:bean>

But now

sessionRegistry.getAllPrincipals()

always returns an empty list.

How can I fix this?

P.S. Full configuration:

web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app
        version="3.0"
        xmlns="http://java.sun.com/xml/ns/javaee"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="
        http://java.sun.com/xml/ns/javaee
        http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd
        ">

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <listener>
        <listener-class>
            org.springframework.web.context.request.RequestContextListener
        </listener-class>
    </listener>

    <listener>
        <listener-class>net.bull.javamelody.SessionListener</listener-class>
    </listener>

    <listener>
        <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    </listener>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>WEB-INF/applicationContext.xml</param-value>
    </context-param>
    <context-param>
        <param-name>spring.profiles.default</param-name>
        <param-value>test</param-value>
    </context-param>
    <context-param>
        <param-name>defaultHtmlEscape</param-name>
        <param-value>true</param-value>
    </context-param>
    <!-- Spring MVC -->
    <servlet>
        <servlet-name>appServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>WEB-INF/webContext.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>appServlet</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <!-- Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>XSSFilter</filter-name>
        <filter-class>com.cj.xss.XSSFilter</filter-class>
    </filter>
    <filter>
        <filter-name>javamelody</filter-name>
        <filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
        <init-param>
            <param-name>monitoring-path</param-name>
            <param-value>/admin/monitoring</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>javamelody</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>   
    <filter-mapping>
        <filter-name>XSSFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>charsetFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
            <param-name>forceEncoding</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>charsetFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <error-page>
        <error-code>404</error-code>
        <location>/error</location>
    </error-page>

</web-app>

Security context:

<beans:beans
        xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:sec="http://www.springframework.org/schema/security"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">

    <http auto-config="true" pattern="/admin/**" authentication-manager-ref="adminAuthenticationManager">
        <access-denied-handler error-page="/403" />
        <custom-filter ref="concurrencyFilter" after="SECURITY_CONTEXT_FILTER"/>
        <form-login login-page="/loginAdmin" login-processing-url="/admin/j_spring_security_check_admin"
                    default-target-url="/admin"
                    authentication-failure-url="/loginAdminFailed"
                    authentication-success-handler-ref="authAdminSuccessHandler"/>

        <intercept-url pattern="/admin/j_spring_security_check_admin" access="ROLE_ANONYMOUS"/>
        <intercept-url pattern="/admin/accounts/**" access="ROLE_SUPERADMIN"/>
        <intercept-url pattern="/admin/users/**" access="ROLE_SUPERADMIN"/>
        <intercept-url pattern="/admin/terminals/**" access="ROLE_SUPERADMIN, ROLE_TERMINAL_MODERATOR, ROLE_MODERATOR"/>
        <intercept-url pattern="/admin/money/**" access="ROLE_FINANSIER, ROLE_SUPERADMIN"/>
        <intercept-url pattern="/admin/moderation/**" access="ROLE_SUPERADMIN,ROLE_MODERATOR"/>
        <intercept-url pattern="/admin/moderation/pictures"
                       access="ROLE_SUPERADMIN,ROLE_MODERATOR, ROLE_IMAGE_MODERATOR"/>
        <intercept-url pattern="/admin/statistic/**" access="ROLE_SUPERADMIN"/>
        <intercept-url pattern="/admin/rules/**" access="ROLE_SUPERADMIN"/>
        <intercept-url pattern="/admin/terminals/addImageToTerminal"
                       access="ROLE_SUPERADMIN, ROLE_TERMINAL_MODERATOR, ROLE_MODERATOR"/>
        <intercept-url pattern="/admin/terminals/deleteTerminalImage"
                       access="ROLE_SUPERADMIN, ROLE_TERMINAL_MODERATOR, ROLE_MODERATOR"/>
        <intercept-url pattern="/admin/systemGroupsModeration" access="ROLE_SUPERADMIN"/>
        <intercept-url pattern="/admin/adminUsers" access="ROLE_SUPERADMIN"/>
        <intercept-url pattern="/admin/contentModeration/**" access="ROLE_SUPERADMIN, ROLE_MODERATOR, ROLE_IMAGE_MODERATOR"/>
        <intercept-url pattern="/admin/campaignModeration/**" access="ROLE_SUPERADMIN, ROLE_MODERATOR"/>
        <intercept-url pattern="/admin/monitoring" access="ROLE_SUPERADMIN"/>

        <logout logout-url="/logout" logout-success-url="/loginAdmin"/>
        <port-mappings>
            <port-mapping http="${http.port}" https="${https.port}"/>
        </port-mappings>
        <session-management session-authentication-strategy-ref="sas" invalid-session-url="/invalid-session" />
    </http>
    <http auto-config="true" authentication-manager-ref="userAuthenticationManager">
        <form-login login-page="/"
                    default-target-url="/member/personalAccount"
                    authentication-failure-url="/loginfailed" authentication-success-handler-ref="authSuccessHandler"/>

        <!-- <intercept-url pattern="/common/*" filters="none" /> -->
        <intercept-url pattern="/member/createCompany/addParams" access="ROLE_ANONYMOUS, ROLE_USER"/>
        <intercept-url pattern="/member/**" access="ROLE_USER"/>
        <intercept-url pattern="/owner/*" access="ROLE_OWNER"/>
        <intercept-url pattern="/member/getImage/*"
                       access="ROLE_ANONYMOUS, ROLE_OWNER,ROLE_USER, ROLE_SUPERADMIN, ROLE_TERMINAL_MODERATOR, ROLE_IMAGE_MODERATOR, ROLE_CAMPAIGN_MODERATOR, ROLE_FINANSIER, ROLE_MODERATOR"/>

        <logout logout-url="/logout" logout-success-url="/"/>
        <port-mappings>
            <port-mapping http="${http.port}" https="${https.port}"/>
        </port-mappings>
    </http>

    <beans:bean id="userSecurityService" class="com.terminal.service.impl.UserSecurityService"/>
    <beans:bean id="authSuccessHandler" class="com.terminal.filter.RoleAuthSuccessHandler"/>

    <beans:bean id="authAdminSuccessHandler" class="com.terminal.filter.admin.RoleAuthAdminHandler"/>
    <beans:bean id="adminSecurityService" class="com.terminal.service.admin.impl.TerminalAdminSecurityServiceImpl"/>

    <beans:bean id="webexpressionHandler"
                class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>

    <authentication-manager id="adminAuthenticationManager">
        <authentication-provider user-service-ref="adminSecurityService">
            <password-encoder ref="encoder"/>
        </authentication-provider>
    </authentication-manager>

    <authentication-manager id="userAuthenticationManager">
        <authentication-provider user-service-ref="userSecurityService">
            <password-encoder ref="encoder"/>
        </authentication-provider>
    </authentication-manager>

    <authentication-manager id="internalUserAuthenticationManager">
        <authentication-provider user-service-ref="userSecurityService">
            <password-encoder ref="noopEncoder"/>
        </authentication-provider>
    </authentication-manager>

    <beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
        <beans:constructor-arg index="0" value="10"/>
    </beans:bean>
    <beans:bean id="noopEncoder" class="org.springframework.security.crypto.password.NoOpPasswordEncoder"/>

    <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/>

    <beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
        <beans:constructor-arg  ref="sessionRegistry" />
        <beans:property name="maximumSessions" value="1" />
    </beans:bean>

    <beans:bean id="concurrencyFilter"
                class="org.springframework.security.web.session.ConcurrentSessionFilter">
        <beans:property name="sessionRegistry" ref="sessionRegistry" />
        <beans:property name="expiredUrl" value="/" />
    </beans:bean>

</beans:beans>

applicationContext.xml:

<beans
        xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:context="http://www.springframework.org/schema/context"
        xsi:schemaLocation="
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
        ">

    <import resource="classpath:META-INF/dataContext.xml"/>
    <import resource="classpath:META-INF/restTemplateContext.xml" />
    <import resource="classpath:META-INF/securityContext.xml"/>

    <context:component-scan base-package="com.terminal" >
        <context:include-filter type="annotation" expression="org.aspectj.lang.annotation.Aspect"/>
        <context:exclude-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
    </context:component-scan>
</beans>

dataContext.xml

<beans
        xmlns="http://www.springframework.org/schema/beans"
        xmlns:p="http://www.springframework.org/schema/p"
        xmlns:context="http://www.springframework.org/schema/context"
        xmlns:tx="http://www.springframework.org/schema/tx"
        xmlns:jdbc="http://www.springframework.org/schema/jdbc"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:task="http://www.springframework.org/schema/task"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/tx
        http://www.springframework.org/schema/tx/spring-tx.xsd
        http://www.springframework.org/schema/jdbc
        http://www.springframework.org/schema/jdbc/spring-jdbc-3.2.xsd

         http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd">

    <tx:annotation-driven transaction-manager="transactionManager"/>

    <context:component-scan base-package="com.terminal.domain, com.terminal.dao, com.terminal.utils"/>

    <bean id="transactionManager"
          class="org.springframework.orm.hibernate4.HibernateTransactionManager">
        <property name="sessionFactory" ref="sessionFactory"/>
    </bean>

    <bean id="messageSource"
          class="org.springframework.context.support.ResourceBundleMessageSource">
        <property name="basenames">
            <list>
                <value>mymessages</value>
            </list>
        </property>
    </bean>

    <task:scheduler id="jobScheduler" pool-size="10"/>

    <beans profile="test">

        <bean id="wrappedDataSource" class="net.bull.javamelody.SpringDataSourceFactoryBean">
            <property name="targetName" value="dataSource" />
        </bean>

        <bean class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close" id="dataSource">
            <property name="driverClassName" value="org.h2.Driver" />
            <property name="url" value="jdbc:h2:~/test;MODE=PostgreSQL" />
            <property name="username" value="sa" />
            <property name="password" value="" />
        </bean>

        <bean id="sessionFactory"
              class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
            <property name="dataSource" ref="wrappedDataSource"/>
            <property name="configLocation">
                <value>classpath:hibernate-test.cfg.xml</value>
            </property>
            <property name="hibernateProperties">
                <props>
                    <prop key="hibernate.show_sql">true</prop>
                    <prop key="hibernate.connection.charSet">UTF-8</prop>
                    <prop key="hibernate.show_sql">true</prop>
                    <prop key="hibernate.format_sql">true</prop>
                    <prop key="hbm2ddl.auto">create-drop</prop>
                </props>
            </property>
        </bean>

        <context:property-placeholder location="classpath:jdbc.properties"/>

    </beans>
    <beans profile="dev">

        <bean id="wrappedDataSource" class="net.bull.javamelody.SpringDataSourceFactoryBean">
            <property name="targetName" value="dataSource" />
        </bean>

        <bean id="sessionFactory"
              class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
            <property name="dataSource" ref="wrappedDataSource"/>
            <property name="configLocation">
                <value>classpath:hibernate.cfg.xml</value>
            </property>
            <property name="hibernateProperties">
                <props>
                    <prop key="hibernate.show_sql">true</prop>
                    <prop key="hibernate.dialect">${jdbc.dialect}</prop>
                    <prop key="hibernate.connection.charSet">UTF-8</prop>
                    <prop key="hibernate.show_sql">true</prop>
                    <prop key="hibernate.format_sql">true</prop>
                    <prop key="hbm2ddl.auto">validate</prop>
                </props>
            </property>
        </bean>

        <context:property-placeholder location="classpath:jdbc-local.properties"/>
        <bean id="dataSource"
              class="org.springframework.jdbc.datasource.DriverManagerDataSource"
              p:driverClassName="${jdbc.driverClassName}" p:url="${jdbc.databaseurl}"
              p:username="${jdbc.username}" p:password="${jdbc.password}"/>
    </beans>
    <beans profile="prod">

        <bean id="wrappedDataSource" class="net.bull.javamelody.SpringDataSourceFactoryBean">
            <property name="targetName" value="dataSource" />
        </bean>

        <bean id="sessionFactory"
              class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
            <property name="dataSource" ref="wrappedDataSource"/>
            <property name="configLocation">
                <value>classpath:hibernate.cfg.xml</value>
            </property>
            <property name="hibernateProperties">
                <props>
                    <prop key="hibernate.show_sql">true</prop>
                    <prop key="hibernate.dialect">${jdbc.dialect}</prop>
                    <prop key="hibernate.connection.charSet">UTF-8</prop>
                    <prop key="hibernate.show_sql">true</prop>
                    <prop key="hibernate.format_sql">true</prop>
                    <prop key="hbm2ddl.auto">validate</prop>
                </props>
            </property>
        </bean>

        <context:property-placeholder location="classpath:jdbc.properties"/>
        <bean id="dataSource"
              class="org.springframework.jdbc.datasource.DriverManagerDataSource"
              p:driverClassName="${jdbc.driverClassName}" p:url="${jdbc.databaseurl}"
              p:username="${jdbc.username}" p:password="${jdbc.password}"/>
    </beans>
</beans>

restTemplateContext.xml

<beans
        xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
        ">

    <bean id="restTemplate" class="org.springframework.web.client.RestTemplate">
        <property name="messageConverters">
            <list>
                <bean class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter"/>
                <bean class="org.springframework.http.converter.FormHttpMessageConverter"/>
                <bean class="com.terminal.converter.MatrixVariablesMessageConverter"/>
            </list>
        </property>
    </bean>
</beans>


Answer:

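I had the same problem. Because of a misconfiguration in web.xml, 2 sessionRegistry instances were loaded in the Spring context, and the sessionRegistry bean referenced in the controller was different from the one referenced in spring-security.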

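Fix your web.xml: make sure the DispatcherServlet does not load again the beans that are present in the root contextConfigLocation. In the example, the DispatcherServlet only loads servlet-context.xml, which has the Spring MVC related content, and root-context.xml only imports the dao, service and security configuration beans.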

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/spring/root-context.xml
    </param-value>
</context-param>

<servlet>
    <servlet-name>appServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
    </init-param>
</servlet>

Update: another thing to check is that if you only have ConcurrentSessionControlAuthenticationStrategy, it does not register the session, so we need to add RegisterSessionAuthenticationStrategy as follows:

  <bean id="sas" class="org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy">
        <constructor-arg>
            <list>
                <bean class="org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy">
                    <constructor-arg ref="sessionRegistry"/>
                    <property name="maximumSessions" value="1" />
                    <property name="exceptionIfMaximumExceeded" value="true" />
                </bean>
                <bean class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy">
                </bean>
                <bean class="org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy">
                    <constructor-arg ref="sessionRegistry"/>
                </bean>
            </list>
         </constructor-arg>
    </bean>
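
Both points of the answer can be reproduced outside a container. The following is an added example, not code from the question or the answer: it drives the strategies directly with mock requests and shows that the check-only bean never fills the registry (so maximumSessions=1 is not enforced either), that the composite does, and that a second registry instance sees nothing. It assumes spring-security-web and spring-test on the classpath; the class name SessionRegistryDemo, its helper methods and the "admin" principal are hypothetical.

```java
// Added illustration; not code from the question or the answer.
// Assumed classpath: spring-security-core, spring-security-web, spring-test
// (for the Mock* servlet classes) and the servlet API.
import java.util.Arrays;
import java.util.List;

import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationException;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;

public class SessionRegistryDemo {

    /** Simulates one successful login arriving on a fresh HTTP session. */
    static void login(SessionAuthenticationStrategy sas, Authentication auth) {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.getSession(true); // the session that exists when the login form is posted
        sas.onAuthentication(auth, request, new MockHttpServletResponse());
    }

    /** Same settings as the nested bean in the answer: one session, reject on excess. */
    static ConcurrentSessionControlAuthenticationStrategy limitToOne(SessionRegistry registry) {
        ConcurrentSessionControlAuthenticationStrategy control =
                new ConcurrentSessionControlAuthenticationStrategy(registry);
        control.setMaximumSessions(1);
        control.setExceptionIfMaximumExceeded(true);
        return control;
    }

    /** The replacement bean from the question: the limit check on its own. */
    static SessionRegistry checkOnly(Authentication auth) {
        SessionRegistry registry = new SessionRegistryImpl();
        SessionAuthenticationStrategy sas = limitToOne(registry);
        login(sas, auth);
        login(sas, auth); // second session is accepted: nothing was ever registered
        return registry;
    }

    /** The composite from the answer; returns true if the second login is refused. */
    static boolean compositeRejectsSecondLogin(SessionRegistry registry, Authentication auth) {
        SessionAuthenticationStrategy sas = new CompositeSessionAuthenticationStrategy(
                Arrays.<SessionAuthenticationStrategy>asList(
                        limitToOne(registry),
                        new SessionFixationProtectionStrategy(),
                        new RegisterSessionAuthenticationStrategy(registry)));
        login(sas, auth);
        try {
            login(sas, auth);
            return false;
        } catch (SessionAuthenticationException refused) {
            return true;
        }
    }

    public static void main(String[] args) {
        // Constructed sample principal; the role name is taken from the question's config.
        Authentication admin = new TestingAuthenticationToken("admin", "n/a", "ROLE_SUPERADMIN");

        List<Object> seen = checkOnly(admin).getAllPrincipals();
        System.out.println("check-only strategy, principals: " + seen);

        SessionRegistry securityRegistry = new SessionRegistryImpl();
        boolean refused = compositeRejectsSecondLogin(securityRegistry, admin);
        System.out.println("composite strategy, principals: " + securityRegistry.getAllPrincipals());
        System.out.println("composite strategy, second login refused: " + refused);

        // A second SessionRegistryImpl, as created when the DispatcherServlet context
        // declares the bean again, shares no state with the one the filter chain fills.
        SessionRegistry duplicateBean = new SessionRegistryImpl();
        System.out.println("duplicate registry, principals: " + duplicateBean.getAllPrincipals());
    }
}
```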

