SessionRegistry没有任何委托人

时间:2014-02-14 13:29:54

标签: java xml spring spring-mvc spring-security

我正在尝试使用Spring Security的SessionRegistry使所有会话无效。不幸的是,当我上课时,它没有任何校长。我跟着教程: http://krams915.blogspot.com/2010/12/spring-security-mvc-querying.html 我有以下配置:

的web.xml:

<web-app version="2.4"
     xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

<display-name>Spring MVC Application</display-name>

<servlet>
    <servlet-name>mvc-dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>mvc-dispatcher</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/mvc-dispatcher-servlet.xml,
    </param-value>
</context-param>

<context-param>
    <param-name>log4jConfigLocation</param-name>
    <param-value>/WEB-INF/classes/log4j.properties</param-value>
</context-param>

<listener>
    <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<!-- Needed by session information -->

<listener>
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>

<!-- UTF-8 Encoding -->
<!-- IMPORTANT! This filter must defined before all the others -->
<filter>
    <filter-name>SetCharacterEncodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
        <param-name>encoding</param-name>
        <param-value>UTF8</param-value>
    </init-param>
    <init-param>
        <param-name>forceEncoding</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>SetCharacterEncodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Spring Security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>
        org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- PUT Support -->
<filter>
    <filter-name>hiddenHttpMethodFilter</filter-name>
    <filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>hiddenHttpMethodFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Error pages mapping - commented on developer server-->
<!--error-page>
    <error-code>400</error-code>
    <location>/WEB-INF/views/pages/errors/400.jsp</location>
</error-page>

<error-page>
    <error-code>403</error-code>
    <location>/WEB-INF/views/pages/errors/403.jsp</location>
</error-page>

<error-page>
    <error-code>404</error-code>
    <location>/WEB-INF/views/pages/errors/404.jsp</location>
</error-page>

<error-page>
    <error-code>500</error-code>
    <location>/WEB-INF/views/pages/errors/500.jsp</location>
</error-page-->
</web-app>

弹簧security.xml文件:

<beans:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:beans="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
            http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<beans:bean id="userDetailsService" class="agh.ideafactory.obieraki.service.impl.UserDetailsServiceImpl" />

<beans:bean id="shaPasswordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
    <beans:constructor-arg value="512"/>
</beans:bean>

<authentication-manager id="authenticationManager">
    <authentication-provider user-service-ref="userDetailsService" >
        <password-encoder ref="shaPasswordEncoder"/>
    </authentication-provider>
</authentication-manager>

<!-- Session information configuration section -->

<!-- This is where session information is kept -->
<beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />

<!-- Concurrency filter used for concurrent session management -->
<beans:bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
    <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
    <beans:constructor-arg name="expiredUrl" value="/sessionexpired" />
</beans:bean>

<!-- Login form beans - custom filters disables form-login tag -->

<beans:bean id="authenticationEntryPoint"
            class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <beans:constructor-arg name="loginFormUrl" value="/login" />
</beans:bean>

<beans:bean id="customAuthenticationSuccessHandler"
            class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
    <beans:constructor-arg name="defaultTargetUrl" value="/" />
</beans:bean>

<beans:bean id="customAuthenticationFailureHandler"
            class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
    <beans:constructor-arg name="defaultFailureUrl" value="/loginfailed" />
</beans:bean>

<!-- Authentication filter used for handling login form -->

<beans:bean id="authenticationFilter"
            class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <beans:property name="sessionAuthenticationStrategy" ref="sessionAuthenticationStrategy" />
    <beans:property name="authenticationManager" ref="authenticationManager" />
    <beans:property name="authenticationSuccessHandler" ref="customAuthenticationSuccessHandler" />
    <beans:property name="authenticationFailureHandler" ref="customAuthenticationFailureHandler" />
</beans:bean>

<!-- Session Authentication Strategy - here we define parameters for handling session -->

<beans:bean id="sessionAuthenticationStrategy"
            class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
    <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
    <beans:property name="maximumSessions" value="1" />
    <beans:property name="exceptionIfMaximumExceeded" value="true" />
    <beans:property name="migrateSessionAttributes" value="true" />
</beans:bean>

<!-- End of session information configuration section -->

<global-method-security pre-post-annotations="enabled" authentication-manager-ref="authenticationManager" />

<http auto-config="false"
      use-expressions="true"
      authentication-manager-ref="authenticationManager"
      entry-point-ref="authenticationEntryPoint">
    <!-- We need custom filters to intercept session information -->
    <custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" />
    <custom-filter ref="concurrencyFilter" position="CONCURRENT_SESSION_FILTER" />
    <!-- Unfortunately, it disables tag: form-login -->
    <intercept-url pattern="/favicon.ico" access="permitAll"/>
    <intercept-url pattern="/login" access="permitAll"/>
    <intercept-url pattern="/loginfailed" access="permitAll"/>
    <intercept-url pattern="/resources/**" access="permitAll"/>
    <intercept-url pattern="/**" access="hasAnyRole('STUDENT', 'YEAR_REPRESENTATIVE', 'ADMIN')" />
    <logout logout-success-url="/" />
    <!--<form-login authentication-failure-url="/loginfailed" login-page="/login" default-target-url="/" />
    <session-management session-fixation-protection="migrateSession">
        <concurrency-control expired-url="/expiredsession"
                             max-sessions="1"
                             error-if-maximum-exceeded="true"
                             session-registry-alias="sessionRegistry" />
    </session-management>-->
    <session-management session-authentication-strategy-ref="sessionAuthenticationStrategy" />
</http>

</beans:beans>

MVC-调度-servlet.xml中

<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
   http://www.springframework.org/schema/beans/spring-beans.xsd">

<import resource="properties-configuration.xml"/>
<import resource="spring-security.xml"/>
<import resource="mvc-configuration.xml"/>
<import resource="classpath*:database/hibernate.xml"/>

<import resource="jsp-configuration.xml"/>


</beans>

在这里,我试图使用户会话无效:

[...]
public class SessionUtilsImpl implements SessionUtils{
[...]
@Autowired
@Qualifier("sessionRegistry")
private SessionRegistry sessionRegistry;
[...]
@Override
public void invalidateStudentSessions( final Student student ) {
    final List<Object> principals = sessionRegistry.getAllPrincipals();
    for (final Object principal : principals) {
        if (principal instanceof User) {
            final User currentUser = (User) principal;
            if (currentUser.getUsername().equals( student.getUsername() )) {
                final List<SessionInformation> sessionInformations = sessionRegistry
                        .getAllSessions( currentUser, false );
                for (final SessionInformation sessionInformation : sessionInformations) {
                    sessionInformation.expireNow();
                    sessionRegistry
                            .removeSessionInformation( sessionInformation.getSessionId() );
                }
            }
        }
    }
}
[...]

此处没有其他方法使用SessionRegistry。

那么,发生了什么?我调试了类ConcurrentSessionStrategy并且在那里它工作正常,但在我的课程中我得到了另一个的SessionRegistryImpl实例。任何人都有任何想法如何解决它?

0 个答案:

没有答案
相关问题
最新问题