Spring boot 无法在Spring引导中停止并发会话(KeyClope身份验证服务器)
我能够使用Spring Security和KeyClope实现身份验证功能(按预期工作)。但是,当我试图在Spring安全配置中停止并发登录时,它不起作用。我也尝试过KeyClope配置,但是我知道没有这样的内置功能/配置来停止并发登录 Spring Boot密钥斗篷配置如下:Spring boot 无法在Spring引导中停止并发会话(KeyClope身份验证服务器),spring-boot,spring-security,spring-security-oauth2,keycloak,Spring Boot,Spring Security,Spring Security Oauth2,Keycloak,我能够使用Spring Security和KeyClope实现身份验证功能(按预期工作)。但是,当我试图在Spring安全配置中停止并发登录时,它不起作用。我也尝试过KeyClope配置,但是我知道没有这样的内置功能/配置来停止并发登录 Spring Boot密钥斗篷配置如下: SessionRegistry sesionregistry=new SessionRegistryImpl(); @Autowired public void configureGlobal(Authenticati
SessionRegistry sesionregistry=new SessionRegistryImpl();
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
auth.authenticationProvider(keycloakAuthenticationProvider);
}
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new RegisterSessionAuthenticationStrategy(sesionregistry);
}
@Bean
public KeycloakConfigResolver KeycloakConfigResolver() {return new KeycloakSpringBootConfigResolver();}
@Override
protected void configure(HttpSecurity http) throws Exception
{
super.configure(http);
http
.authorizeRequests()
.antMatchers("/login").hasRole("user")
.antMatchers("/app/*").hasRole("user")
//.antMatchers("/logout").permitAll()
.anyRequest().permitAll()
.and()
.authorizeRequests()
.antMatchers("/admin*").hasRole("admin")
.anyRequest().permitAll()
.and()
.logout().logoutUrl("/logout")
.and()
.sessionManagement().maximumSessions(1)
.maxSessionsPreventsLogin(true)
; //for maximum 1 session for any user
}
org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken@87138d52: Principal: c8827230-1916-4026-923c-642be90d0d38; Credentials: [PROTECTED]; Authenticated: true; Details: org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount@1e21cde6; Granted Authorities: ROLE_user, ROLE_uma_authorization
使用此配置,我可以登录,但不会禁用并发登录
我尝试打印同一用户不同登录名的主体对象,发现:
第1课时:
org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken@ec24d1c4:Principal: c8827230-1916-4026-923c-642be90d0d38; Credentials: [PROTECTED]; Authenticated: true; Details: org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount@7f2460bd; Granted Authorities: ROLE_user, ROLE_uma_authorization
第二课时:
SessionRegistry sesionregistry=new SessionRegistryImpl();
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
auth.authenticationProvider(keycloakAuthenticationProvider);
}
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new RegisterSessionAuthenticationStrategy(sesionregistry);
}
@Bean
public KeycloakConfigResolver KeycloakConfigResolver() {return new KeycloakSpringBootConfigResolver();}
@Override
protected void configure(HttpSecurity http) throws Exception
{
super.configure(http);
http
.authorizeRequests()
.antMatchers("/login").hasRole("user")
.antMatchers("/app/*").hasRole("user")
//.antMatchers("/logout").permitAll()
.anyRequest().permitAll()
.and()
.authorizeRequests()
.antMatchers("/admin*").hasRole("admin")
.anyRequest().permitAll()
.and()
.logout().logoutUrl("/logout")
.and()
.sessionManagement().maximumSessions(1)
.maxSessionsPreventsLogin(true)
; //for maximum 1 session for any user
}
org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken@87138d52: Principal: c8827230-1916-4026-923c-642be90d0d38; Credentials: [PROTECTED]; Authenticated: true; Details: org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount@1e21cde6; Granted Authorities: ROLE_user, ROLE_uma_authorization
甚至2个主要对象的哈希值也不同:
Session 1: Printing Principal HAsh Value: -1854104148
Session 2: Printing Principal HAsh Value: -1904262684
我不知道如何解决并发登录问题。谢谢你的帮助
谢谢Keyclope版本:服务器版本3.4.3。最终春季启动版本:1.5.10。发布您是否尝试让其他人尝试启动同一用户会话(相同登录)来自不同的机器?是的。在不同的机器上,它也不工作。请尝试将sessionManagement和maxSessionsPreventsLogin移到最上面的authorizeRequest()行上方的行中,看看这是否有什么变化。@Adam确定我会尝试一下