silence念的gravatar头像
silence念 2018-01-31 09:53:12

spring boot java配置 spring security如何实现 session并发控制?

问题描述

希望能有个例子给我这小白学习一下如何实现session并发控制

运行环境

jdk8+tomcat7+mysql+IntelliJ IDEA+maven

项目技术(必填)

spring boot+spring mvc+spring security+mybatis+themleaf+jquery+h5

项目截图(必填)

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{

    private final UserDetailService userDetailService;

    public WebSecurityConfig(UserDetailService userDetailService) {
        this.userDetailService = userDetailService;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailService);
    }

    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/","/index","/register",
                            "/api/user/register/**",
                            "/css/**","/images/**","/js/**","/AmazeUI-2.4.2/**","/basic/**").
                    permitAll().
                    anyRequest().
                    authenticated().
                    and().
                formLogin().
                    loginPage("/login").
                    successForwardUrl("/api/user/login").
                    permitAll().
                    and().
                logout().
                    logoutSuccessUrl("/index").
                    permitAll().
                    and().
                rememberMe().
                    tokenValiditySeconds(1209600).
                    tokenRepository(tokenRepository());
        http.addFilterAfter(new LoginFilter(),RememberMeAuthenticationFilter.class);
        http.sessionManagement().maximumSessions(1).expiredUrl("/login").maxSessionsPreventsLogin(true).sessionRegistry(sessionRegistry());
        http.csrf().disable();
    }

    // 设置在内存中的用户
   /* @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)throws Exception{
        auth.inMemoryAuthentication().
                withUser("admin").password("admin").roles("USER","ADMIN")
                .and()
                .withUser("user").password("user").roles("USER");
    }*/

    @Autowired
    @Qualifier("dataSource")
    private DataSource dataSource;

    @Bean
    public JdbcTokenRepositoryImpl tokenRepository(){
        JdbcTokenRepositoryImpl jdbcTokenRepository = new JdbcTokenRepositoryImpl();
        jdbcTokenRepository.setDataSource(dataSource);
        return jdbcTokenRepository;
    }

    @Bean
    public SessionRegistry sessionRegistry() {
        return new SessionRegistryImpl();
    }
}

运行截图(必填)

登录两次,后一次登录会把上一次登录挤掉,阻止下一次登录也行

所有回答列表(1)
等一只喵喵的gravatar头像
等一只喵喵  LV1 2018年3月7日

你用spring-session

顶部 客服 微信二维码 底部
>扫描二维码关注最代码为好友扫描二维码关注最代码为好友