Spring 如何实现HttpSessionBindingListener?(春季安全)
我使用的是SpringMVC,没有SpringBoot,也没有web.xml 我需要实现HttpSessionBindingListener 我不知道如何让它工作 我尝试了很多选择,但这不想起作用 UserActive.javaSpring 如何实现HttpSessionBindingListener?(春季安全),spring,spring-mvc,spring-security,Spring,Spring Mvc,Spring Security,我使用的是SpringMVC,没有SpringBoot,也没有web.xml 我需要实现HttpSessionBindingListener 我不知道如何让它工作 我尝试了很多选择,但这不想起作用 UserActive.java @Service public class UserActive implements HttpSessionBindingListener { Logger logger = LoggerFactory.getLogger(User
@Service
public class UserActive implements HttpSessionBindingListener {
Logger logger = LoggerFactory.getLogger(UserActive.class);
@Override
public void valueBound(HttpSessionBindingEvent event) {
logger.info("Log in : {}", event.getName() );
}
@Override
public void valueUnbound(HttpSessionBindingEvent event) {
logger.info("Log out : {}", event.getName() );
}
}
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.mvcMatchers("/").permitAll()
.mvcMatchers("/login").anonymous()
.mvcMatchers("/user").hasAnyRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/login")
.defaultSuccessUrl("/")
.and().csrf().disable()
.logout()
.permitAll()
.logoutUrl("/logout")
.logoutSuccessUrl("/")
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID");
}
}
@EnableWebMvc
@Configuration
@EnableWebSecurity
@ComponentScan({"com.testbindinglistener.security", "com.testbindinglistener.service"})
public class RootConfig {
@Bean
public HttpSessionEventPublisher httpSessionEventPublisher() {
return new HttpSessionEventPublisher();
}
}
SecurityConfig.java
@Service
public class UserActive implements HttpSessionBindingListener {
Logger logger = LoggerFactory.getLogger(UserActive.class);
@Override
public void valueBound(HttpSessionBindingEvent event) {
logger.info("Log in : {}", event.getName() );
}
@Override
public void valueUnbound(HttpSessionBindingEvent event) {
logger.info("Log out : {}", event.getName() );
}
}
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.mvcMatchers("/").permitAll()
.mvcMatchers("/login").anonymous()
.mvcMatchers("/user").hasAnyRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/login")
.defaultSuccessUrl("/")
.and().csrf().disable()
.logout()
.permitAll()
.logoutUrl("/logout")
.logoutSuccessUrl("/")
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID");
}
}
@EnableWebMvc
@Configuration
@EnableWebSecurity
@ComponentScan({"com.testbindinglistener.security", "com.testbindinglistener.service"})
public class RootConfig {
@Bean
public HttpSessionEventPublisher httpSessionEventPublisher() {
return new HttpSessionEventPublisher();
}
}
RootConfig.java
@Service
public class UserActive implements HttpSessionBindingListener {
Logger logger = LoggerFactory.getLogger(UserActive.class);
@Override
public void valueBound(HttpSessionBindingEvent event) {
logger.info("Log in : {}", event.getName() );
}
@Override
public void valueUnbound(HttpSessionBindingEvent event) {
logger.info("Log out : {}", event.getName() );
}
}
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.mvcMatchers("/").permitAll()
.mvcMatchers("/login").anonymous()
.mvcMatchers("/user").hasAnyRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/login")
.defaultSuccessUrl("/")
.and().csrf().disable()
.logout()
.permitAll()
.logoutUrl("/logout")
.logoutSuccessUrl("/")
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID");
}
}
@EnableWebMvc
@Configuration
@EnableWebSecurity
@ComponentScan({"com.testbindinglistener.security", "com.testbindinglistener.service"})
public class RootConfig {
@Bean
public HttpSessionEventPublisher httpSessionEventPublisher() {
return new HttpSessionEventPublisher();
}
}
为什么需要一个
httpsessionbindingstener
?另外,如果不使用Spring Boot,则需要一个实现WebApplicationInitializer
(或扩展AbstractAnnotationConfigDispatchersServletInitializer
)的类来注册上下文并添加侦听器。将其注册为bean将不起作用,因为这只在使用Spring Boot时起作用。我是否正在尝试这样做?你的回答帮助我解决了问题。谢谢