2011-07-18 87 views
7

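Spring Security basic configuration

I want to configure a Spring MVC application that uses Spring Security in the following way.

  1. Only one concurrent login is allowed.
  2. When the HTTP session expires, the user is redirected to /security/sessionTimeout.html
  3. When the user logs in successfully, he is redirected to the "/" folder.
  4. When the user logs out, he is also redirected to "/".

I configured it as follows: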

    <security:http>
        <security:form-login login-page="/security/login.html" login-processing-url="/login" authentication-failure-url="/login.jsp?login_error=1" default-target-url="/"/>
        <security:session-management invalid-session-url="/security/sessionTimeout.html">
            <security:concurrency-control max-sessions="1" />
        </security:session-management>
        <security:logout logout-url="/logout" logout-success-url="/"/>
    </security:http>

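and I have the following problems:

  1. I can log in with the same account in 2 different browsers (concurrency control is not working)
  2. When I click logout, I am redirected to "/security/sessionTimeout.html" instead of "/".

I followed the Spring Security reference guide. What am I doing wrong?

Update: This is what my web.xml looks like.

Update 2: I just ran log4j in debug mode, and this is what I get on logout: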

    DEBUG [http-8080-2] (FilterChainProxy.java:375) - /index.html at position 1 of 11 in additional filter chain; firing Filter: 'ConcurrentSessionFilter' 
    DEBUG [http-8080-2] (FilterChainProxy.java:375) - /index.html at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
    DEBUG [http-8080-2] (HttpSessionSecurityContextRepository.java:130) - No HttpSession currently exists 
    DEBUG [http-8080-2] (HttpSessionSecurityContextRepository.java:88) - No SecurityContext was available from the HttpSession: null. A new one will be created. 
    DEBUG [http-8080-2] (FilterChainProxy.java:375) - /index.html at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter' 
    DEBUG [http-8080-2] (FilterChainProxy.java:375) - /index.html at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 
    DEBUG [http-8080-2] (FilterChainProxy.java:375) - /index.html at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 
    DEBUG [http-8080-2] (FilterChainProxy.java:375) - /index.html at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
    DEBUG [http-8080-2] (FilterChainProxy.java:375) - /index.html at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
    DEBUG [http-8080-2] (FilterChainProxy.java:375) - /index.html at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
    DEBUG [http-8080-2] (AnonymousAuthenticationFilter.java:67) - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' 
    DEBUG [http-8080-2] (FilterChainProxy.java:375) - /index.html at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter' 
    DEBUG [http-8080-2] (SessionManagementFilter.java:87) - Requested session IDD8429BBAAA9561A97E1D2350ED63BC35 is invalid. 
    DEBUG [http-8080-2] (SessionManagementFilter.java:90) - Starting new session (if required) and redirecting to '/security/sessionTimeout.html' 

It feels like I have filters applied to /index.html and then the session management filter finds that no session exists. How can I fix it?

+0

Item b) is happening probably because you have not allowed any user to access the url '/'. – bluefoot

+0

Which Spring version are you using? – Simeon

+0

@Simeon, 3.0.5 and Spring 3.0.4 –
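To read the debug log in the question mechanically, the following added example (not part of the original post) groups the lines by worker thread, rebuilds the order in which filters fired, and flags the pattern visible there: no server-side session, a presented session ID that is reported invalid, and a redirect. The function name `triage` and the report keys are hypothetical; the sample lines are a subset copied from the log above.

```python
import re

# Subset of the debug log from the question, whitespace trimmed.
LOG = """\
DEBUG [http-8080-2] (FilterChainProxy.java:375) - /index.html at position 1 of 11 in additional filter chain; firing Filter: 'ConcurrentSessionFilter'
DEBUG [http-8080-2] (FilterChainProxy.java:375) - /index.html at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
DEBUG [http-8080-2] (HttpSessionSecurityContextRepository.java:130) - No HttpSession currently exists
DEBUG [http-8080-2] (FilterChainProxy.java:375) - /index.html at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
DEBUG [http-8080-2] (FilterChainProxy.java:375) - /index.html at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
DEBUG [http-8080-2] (SessionManagementFilter.java:87) - Requested session IDD8429BBAAA9561A97E1D2350ED63BC35 is invalid.
DEBUG [http-8080-2] (SessionManagementFilter.java:90) - Starting new session (if required) and redirecting to '/security/sessionTimeout.html'
"""

LINE = re.compile(r"^\s*(\w+) \[([^\]]+)\] \(([\w.]+):(\d+)\) - (.*)$")
FIRING = re.compile(r"^(\S+) at position (\d+) of (\d+) in additional filter chain; firing Filter: '(\w+)'")
# The log prints the ID directly after "ID" with no separator.
STALE = re.compile(r"^Requested session ID\s*([0-9A-F]+) is invalid")
REDIRECT = re.compile(r"redirecting to '([^']+)'")

def triage(log):
    """Summarise one request per worker thread (true for this excerpt)."""
    reports = {}
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip anything that is not a log4j line in this layout
        thread, msg = m.group(2), m.group(5).strip()
        r = reports.setdefault(thread, {"url": None, "filters": [], "no_session": False,
                                        "stale_id": None, "redirect": None})
        if f := FIRING.match(msg):
            r["url"] = f.group(1)
            r["filters"].append(f.group(4))
        elif msg.startswith("No HttpSession currently exists"):
            r["no_session"] = True
        elif s := STALE.match(msg):
            r["stale_id"] = s.group(1)
        elif d := REDIRECT.search(msg):
            r["redirect"] = d.group(1)
    for r in reports.values():
        # Symptom from the question: the request still carries a session ID,
        # no session exists for it, and the filter redirects.
        r["stale_id_redirect"] = bool(r["no_session"] and r["stale_id"] and r["redirect"])
    return reports
```
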

Answers

2

the Spring Security documentation

To use concurrent session support, you need to add the following to web.xml:

    <listener>
        <listener-class>
            org.springframework.security.web.session.HttpSessionEventPublisher
        </listener-class>
    </listener>

Did you add this?

+0

It looks like I have it, but I updated my whole web.xml configuration. –

+0

This did not solve my problem. –
