Spring security SessionRegistry和基于bean的配置问题
我正在使用SpringSecurity3.0.5,并试图获得当前登录用户的数量。我的场景是预验证的,并使用基于bean的配置,而不是基于Spring security SessionRegistry和基于bean的配置问题,spring,session,spring-security,Spring,Session,Spring Security,我正在使用SpringSecurity3.0.5,并试图获得当前登录用户的数量。我的场景是预验证的,并使用基于bean的配置,而不是基于命名空间的配置(在这种情况下,这看起来很简单) 我的配置文件如下: <beans:bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy"> <filter-chain-map path-ty
命名空间的配置(在这种情况下,这看起来很简单)
我的配置文件如下:
<beans:bean id="springSecurityFilterChain"
class="org.springframework.security.web.FilterChainProxy">
<filter-chain-map path-type="ant">
<filter-chain pattern="/**/resources/**" filters="none" />
<filter-chain pattern="/**/logout/**" filters="none" />
<filter-chain pattern="/service/**" filters="none" />
<filter-chain pattern="/**"
filters="sif,concurrencyFilter,shibbolethFilter,smf,logoutFilter,etf,fsi" />
</filter-chain-map>
</beans:bean>
<beans:bean id="sif"
class="org.springframework.security.web.context.SecurityContextPersistenceFilter" />
<beans:bean id="scr"
class="org.springframework.security.web.context.HttpSessionSecurityContextRepository" />
<beans:bean id="smf"
class="org.springframework.security.web.session.SessionManagementFilter">
<beans:constructor-arg name="securityContextRepository"
ref="scr" />
<beans:property name="sessionAuthenticationStrategy"
ref="sas" />
</beans:bean>
<beans:bean id="shibbolethFilter"
class="PreAuthenticatedShibbolethAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="exceptionIfHeaderMissing" value="true" />
<beans:property name="continueFilterChainOnUnsuccessfulAuthentication"
value="true" />
<beans:property name="developmentMode" value="true" />
<beans:property name="authenticationSuccessHandler"
ref="customAuthenticationSuccessHandlerBean" />
</beans:bean>
<beans:bean id="sas"
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<beans:constructor-arg name="sessionRegistry"
ref="sessionRegistry" />
<beans:property name="maximumSessions" value="1" />
</beans:bean>
<beans:bean id="sessionRegistry"
class="org.springframework.security.core.session.SessionRegistryImpl" />
<beans:bean id="concurrencyFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<beans:property name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="expiredUrl" value="/session-expired.html" />
</beans:bean>
<authentication-manager alias="authenticationManager">
<authentication-provider ref='preauthAuthProvider' />
</authentication-manager>
<beans:bean id="preauthAuthProvider"
class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
<beans:property name="preAuthenticatedUserDetailsService">
<beans:bean id="userDetailsServiceWrapper"
class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<beans:property name="userDetailsService" ref="userDetailsService" />
</beans:bean>
</beans:property>
</beans:bean>
<beans:bean id="logoutHandlerBean"
class="LogoutSuccessHandlerImpl" />
<beans:bean id="userDetailsService"
class="CustomJdbcDaoImpl">
<beans:property name="dataSource" ref="projectDS" />
<beans:property name="enableGroups" value="true" />
<beans:property name="enableAuthorities" value="false" />
</beans:bean>
在我的控制器中,我有以下代码:
@资源(name=“sessionRegistry”)
非公开会议登记处会议登记处
private void doTest(){
List principals=sessionReg.getAllPrincipals();
for(对象o:主体){
List siList=sessionReg.getAllSessions(o,
正确的);
用于(会话信息si:siList){
logger.error(si.getSessionId()+“”+si.getPrincipal());
}
}
}
列表主体
总是空的。我觉得扩展的AbstractPreauthenticatedHibbolethAuthenticationFilter
过滤器AbstractPreAuthenticatedProcessingFilter
应该得到引用
到ConcurrentSessionControl策略
,但是,没有这样的属性可以设置。
我缺少什么?SecurityContextPersistenceFilter需要SecurityContextExtrespository
<bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter" >
<property name="securityContextRepository" ref="scr" />
</bean>
是否“maximumSessions=1”限制了预期的工作,即一个主体可以进行两次身份验证?这是您编写的自定义类吗?如果是,您能告诉我们它扩展了什么基类吗?
<bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter" >
<property name="securityContextRepository" ref="scr" />
</bean>