个人中心
gpt4 book ai didi

java - Spring 安全: Cant get really users logged in using SessionRegistry that shows expired ones

转载 作者:行者123 更新时间:2023-12-01 19:02:15 25 4
gpt4 key购买 nike

也许应该配置 session 过期时间,或者我的代码中有错误?

我的 Controller 代码片段。即使已注销,它也会显示用户名。

@GetMapping("/")
  public String getProfilePage(Model model, Authentication authentication) {
    if (authentication == null) {
      return "redirect:/login";
    }
    UserDetailsImpl details = (UserDetailsImpl) authentication.getPrincipal();
    model.addAttribute("user", details.getUser());
    model.addAttribute("greeting", details.getUser().getGreeting());
    List<UserDetails> lu = sessionRegistry.getAllPrincipals()
        .stream()
        .filter(principal -> principal instanceof UserDetails)
        .map(UserDetails.class::cast)
        .collect(Collectors.toList());
    for (UserDetails l: lu){
      System.out.println(l.getUsername());
    }
    return "Profile";
  }

一个星期都无法解决这个问题。有一些答案Here但这并没有帮助解决我的问题。

最佳答案

这就是我的 SecurityConfig 类的样子:

public class SecurityConfig extends WebSecurityConfigurerAdapter {

  @Qualifier("dataSource")
  @Autowired
  private DataSource dataSource;

  @Autowired
  private PasswordEncoder passwordEncoder;

  @Autowired
  private UserDetailsService userDetailsServiceImpl;

  @Override
  protected void configure(HttpSecurity http) throws Exception {

    http
        .authorizeRequests()
        .antMatchers("/expired").permitAll()
        .antMatchers("/static/**").permitAll()
        .antMatchers("/users").hasAnyAuthority("ADMIN")
        .anyRequest().permitAll()
        .and()
        .formLogin().loginPage("/login")
        .usernameParameter("login")
        .passwordParameter("password")
        .failureUrl("/login?error").permitAll()
        .defaultSuccessUrl("/")
        .and()
        .rememberMe()
        .rememberMeParameter("remember-me")
        .tokenRepository(tokenRepository())
        .and()
        .logout()
        .deleteCookies("remember-me")
        .logoutUrl("/logout")
        .logoutSuccessUrl("/login")
        .permitAll();
    http.csrf().disable();
    http
        .sessionManagement()
        .maximumSessions(1)
//        .maxSessionsPreventsLogin(false)
        .sessionRegistry(sessionRegistryImpl());
  }

  @Bean
  public SessionRegistryImpl sessionRegistryImpl() {
    return new SessionRegistryImpl();
  }

  @Bean
  public HttpSessionEventPublisher httpSessionEventPublisher() {
    return new HttpSessionEventPublisher();
  }

  @Bean
  public PersistentTokenRepository tokenRepository() {
    JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
    tokenRepository.setDataSource(dataSource);
    return tokenRepository;
  }

  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(userDetailsServiceImpl).passwordEncoder(passwordEncoder);
  }
}

并添加了AppInitializer:

@Configuration
public class AppInitializer implements WebApplicationInitializer {

  @Override
  public void onStartup(ServletContext servletContext) throws ServletException {
    servletContext.addListener(HttpSessionEventPublisher.class);
  }
}

关于java - Spring 安全: Cant get really users logged in using SessionRegistry that shows expired ones,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/59618032/

25 4 0
文章推荐: java - 是什么导致了 java.lang.ArrayIndexOutOfBoundsException 以及如何防止它?
文章推荐: javascript - 可以设置跨域但无法获取值
文章推荐: java - 是否存在用于 PC 的无线可编程 Remote ?
文章推荐: java - 无法解决JPQL :parameter problem by using FUNC()
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com