个人中心
文章发布
退出
作者热门文章
- iOS/Objective-C 元类和类别
- objective-c - -1001 错误,当 NSURLSession 通过 httpproxy 和/etc/hosts
- java - 使用网络类获取 url 地址
- ios - 推送通知中不播放声音
25
4
我在尝试让我的 SessionDestroyedEvent 工作时遇到问题。我希望它在 session 超时时打印出来。我正在清除我的历史以强制其超时。
这是我的代码:
@Service
public class MyTimeoutFilter implements
ApplicationListener<ApplicationEvent>
{
public MyTimeoutFilter()
{
super();
System.out.println("Application context listener is created!");
}
public void onApplicationEvent(ApplicationEvent event)
{
if (event instanceof SessionDestroyedEvent)
{
SessionDestroyedEvent sdEvent = (SessionDestroyedEvent) event;
List<SecurityContext> lstSecurityContext = sdEvent
.getSecurityContexts();
for (SecurityContext securityContext : lstSecurityContext)
{
System.out.println("Security Context: "
securityContext.getAuthentication().getName());
}
}
System.out.println("This is a test.");
}
}
我得到的只是“应用程序上下文监听器已创建。”,然后是“这是一个测试”。我从来没有运行 if 语句中的代码。
这是我的 web.xml:
<!-- The definition of the Root Spring Container shared by all Servlets
and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml,
/WEB-INF/spring/appServlet/security-context.xml</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>1</session-timeout>
</session-config>
我没有名为“application-context.xml”的文件。但是我有一个“servlet-context.xml”和一个“security-context.xml”。两者都是:
Servlet-context.xml
<beans:beans xmlns="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context" xmlns:p="http://www.springframework.org/schema/p"
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
<annotation-driven />
<resources mapping="/static/**" location="/static/" />
<beans:bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<beans:property name="prefix" value="/WEB-INF/views/" />
<beans:property name="suffix" value=".jsp" />
</beans:bean>
<context:component-scan base-package="com.blahblahblah.bagbox" />
<context:property-placeholder location="classpath*:jdbc.properties" />
<mvc:annotation-driven />
<tx:annotation-driven />
<beans:bean class="org.springframework.web.servlet.view.BeanNameViewResolver">
<beans:property name="order">
<beans:value>1</beans:value>
</beans:property>
</beans:bean>
<tx:annotation-driven transaction-manager="transactionManager" />
<beans:bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource"
destroy-method="close" p:driverClass="${app.jdbc.driverClassName}"
p:jdbcUrl="${app.jdbc.url}" p:user="${app.jdbc.username}" p:password="${app.jdbc.password}"
p:acquireIncrement="5" p:idleConnectionTestPeriod="60" p:maxPoolSize="100"
p:maxStatements="50" p:minPoolSize="10" />
<beans:bean id="transactionManager"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager"
p:dataSource-ref="dataSource" />
</beans:beans>
这是我的 Security-context.xml
<beans:beans xmlns="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http auto-config="false" use-expressions="true"
entry-point-ref="loginUrlAuthenticationEntryPoint">
<security:intercept-url pattern="/login*"
access="isAnonymous()" />
<security:intercept-url pattern="/logout*"
access="isAnonymous()" />
<security:intercept-url pattern="/static/**"
access="permitAll" />
<security:intercept-url pattern="/**"
access="isFullyAuthenticated()" />
<security:intercept-url pattern="/"
access="isFullyAuthenticated()" />
<security:anonymous />
<security:custom-filter ref="loginFilter"
position="FORM_LOGIN_FILTER" />
<security:custom-filter position="LOGOUT_FILTER"
ref="logoutFilter" />
</security:http>
<beans:bean id="loginUrlAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/login.html" />
</beans:bean>
<beans:bean id="loginFilter"
class="com.blahblahblah.bagbox.security.filter.MyLoginFilter">
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="authenticationFailureHandler"
ref="failureHandler" />
<beans:property name="authenticationSuccessHandler"
ref="successHandler" />
</beans:bean>
<beans:bean id="successHandler"
class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/" />
</beans:bean>
<beans:bean id="failureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/loginFailed.html" />
</beans:bean>
<beans:bean id="logoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter">
<beans:constructor-arg index="0" value="/login.html" />
<beans:constructor-arg index="1">
<beans:list>
<beans:bean id="securityContextLogoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
<beans:bean id="logoutHandler"
class="com.blahblahblah.bagbox.security.filter.MyLogoutHandler" />
</beans:list>
</beans:constructor-arg>
<beans:property name="filterProcessesUrl" value="/logout.html" />
</beans:bean>
<security:global-method-security
secured-annotations="enabled" />
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
ref="ldapAuthProvider" />
</security:authentication-manager>
<beans:bean id="ldapAuthProvider"
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:ref local="bindAuthenticator" />
</beans:constructor-arg>
<beans:constructor-arg>
<beans:ref local="authoritiesPopulator" />
</beans:constructor-arg>
<beans:property name="userDetailsContextMapper" ref="userDetailsContextMapper" />
</beans:bean>
<beans:bean id="bindAuthenticator"
class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="initialDirContextFactory" />
<beans:property name="userSearch" ref="userSearch" />
</beans:bean>
<beans:bean id="authoritiesPopulator"
class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="initialDirContextFactory" />
<beans:constructor-arg value="" />
<beans:property name="groupRoleAttribute" value="cn" />
<beans:property name="searchSubtree" value="true" />
<beans:property name="rolePrefix" value="ROLE_" />
<beans:property name="convertToUpperCase" value="true" />
</beans:bean>
<beans:bean id="userDetailsContextMapper"
class="org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper" />
<beans:bean id="userSearch"
class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value="" />
<beans:constructor-arg index="1"
value="(sAMAccountName={0})" />
<beans:constructor-arg index="2"
ref="initialDirContextFactory" />
<beans:property name="searchSubtree" value="true" />
</beans:bean>
<beans:bean id="initialDirContextFactory"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg
value="ldap://ccpdc.countrycurtains.local:389/dc=countrycurtains,dc=local" />
<beans:property name="userDn"
value="CN=LDAP BIND,CN=Users,DC=countrycurtains,DC=local" />
<beans:property name="password" value="ld4pb1nd" />
<beans:property name="baseEnvironmentProperties">
<beans:map>
<beans:entry key="java.naming.referral">
<beans:value>follow</beans:value>
</beans:entry>
</beans:map>
</beans:property>
</beans:bean>
<beans:bean id="loggerListener"
class="org.springframework.security.authentication.event.LoggerListener" />
</beans:beans>
有丰富 SessionDestroyedEvent 经验和/或让 session 超时与 Spring Security 一起工作的人可以帮助我吗?我在 Google 上查找的所有代码都指向不再有效的方法(例如 getSecurityContext(),当它已更改为 getSecurityContexts() 时)。
最佳答案
不要忘记在 web.xml 中声明 HttpSessionEventPublisher:
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher
</listener-class>
</listener>
我也不太明白清除历史记录应该如何强制 session 超时。如果你想测试 session 超时功能,你需要在 web.xml 中配置一些小的 session 超时(例如,1 分钟),登录并等待它超时。
关于java - 如何使用 SessionDestroyedEvent?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/13272378/
25
4
0
我在尝试让我的 SessionDestroyedEvent 工作时遇到问题。我希望它在 session 超时时打印出来。我正在清除我的历史以强制其超时。 这是我的代码: @Service public
我需要审核超时 logOut 事件,我搜索了一下并找到了解决方案。但这不起作用。当用户注销或超时时,根本不会调用事件方法。 这是我的代码:ObjectLock.java: @Component pub
我有以下 session 销毁监听器: public class SessionStateListener implements ApplicationListener { private s
我有一个 Spring 应用程序,其中 session 存储在具有短超时 (1m) 的 redis 中。我想在我的 session 超时后调用一个函数,但是 SessionDestroyedEvent
在 Spring 中,SessionDestroyedEvent 是基于 redis notify-keyspace-events 发出的,这在 Heroku 中被禁用:https://help.he
我正在使用 Spring Session 1.0.1。我需要在用户注销时执行一些逻辑,并且需要依靠 HTTP session 失效来覆盖用户未能显式注销的情况。 标准 Spring Security
我是一名优秀的程序员,十分优秀!