Spring Security: Session Concurrency Management
2022-08-01 23:52:00 【程序三两行】
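I. Introduction
A session is the interaction between the browser and the server that is tracked through an HTTP session.
II. Session Concurrency Management
1. What is session concurrency
Session concurrency is the question of whether the same user may be logged in on several devices at once. Spring Security imposes no limit by default, so one account can be logged in on multiple devices; the limit can be configured in Spring Security.
2. Code
With Spring Security added and nothing configured, the same account can by default log in and access the system from several browsers. The configuration below limits each account to one session.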
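    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.web.session.HttpSessionEventPublisher;

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                    .formLogin()
                    .and()
                    .csrf().disable()
                    .sessionManagement() // enable session management
                    .maximumSessions(1); // the same account can be logged in from only one browser
        }

        /**
         * This bean can be left out, but adding it is recommended.
         * Spring Security keeps a map of the current HTTP sessions to implement
         * concurrency management: an entry is added on login and removed on logout.
         * This publisher forwards session lifecycle events so that map stays accurate.
         */
        @Bean
        public HttpSessionEventPublisher httpSessionEventPublisher() {
            return new HttpSessionEventPublisher();
        }
    }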
When the same account logs in from more than one browser, the following message appears:
This session has been expired (possibly due to multiple concurrent logins being attempted as the same user).
How do we change this message when the session expires?
3. Handling a session that has been pushed offline
3.1. Traditional web development
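    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.web.session.HttpSessionEventPublisher;

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                    .formLogin()
                    .and()
                    .csrf().disable()
                    .sessionManagement()
                    .maximumSessions(1)
                    .expiredUrl("/login"); // redirect target when the session has been pushed offline
        }

        @Bean
        public HttpSessionEventPublisher httpSessionEventPublisher() {
            return new HttpSessionEventPublisher();
        }
    }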
3.2. Separated front end and back end
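    import java.util.HashMap;
    import java.util.Map;
    import javax.servlet.http.HttpServletResponse;
    import com.fasterxml.jackson.databind.ObjectMapper;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.web.session.HttpSessionEventPublisher;

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                    .formLogin()
                    .and()
                    .csrf().disable()
                    .sessionManagement()
                    .maximumSessions(1)
                    // the parameter is a functional interface, so a lambda handles it directly
                    .expiredSessionStrategy(event -> {
                        HttpServletResponse response = event.getResponse();
                        Map<String, Object> map = new HashMap<>();
                        map.put("code", 500);
                        // message text: "this account has logged in from another location"
                        map.put("msg", "当前账号异地登录");
                        String result = new ObjectMapper().writeValueAsString(map);
                        response.setContentType("application/json;charset=UTF-8");
                        response.getWriter().println(result);
                        response.flushBuffer();
                    });
        }

        @Bean
        public HttpSessionEventPublisher httpSessionEventPublisher() {
            return new HttpSessionEventPublisher();
        }
    }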
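4. Refusing a second login
The default behaviour is to push the earlier session offline. It can instead be configured so that a later login attempt is refused.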
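    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.web.session.HttpSessionEventPublisher;

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                    .formLogin()
                    .and()
                    .csrf().disable()
                    .sessionManagement()
                    .maximumSessions(1)
                    .expiredUrl("/login")
                    .maxSessionsPreventsLogin(true); // once logged in, any further login is refused
        }

        @Bean
        public HttpSessionEventPublisher httpSessionEventPublisher() {
            return new HttpSessionEventPublisher();
        }
    }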
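The two policies above, and the reason the HttpSessionEventPublisher bean matters once maxSessionsPreventsLogin(true) is set, shown as an added example (a simplified model written for this page, not Spring Security's own code). The class ConcurrentSessionModel, its methods, and the user and session ids are hypothetical names constructed for the illustration.

```java
import java.util.*;

// Simplified model of the per-user session map; not Spring Security's actual classes.
class ConcurrentSessionModel {
    private final Map<String, Deque<String>> sessionsByUser = new HashMap<>();
    private final Set<String> expired = new HashSet<>();
    private final int maxSessions;
    private final boolean preventsLogin;

    ConcurrentSessionModel(int maxSessions, boolean preventsLogin) {
        this.maxSessions = maxSessions;
        this.preventsLogin = preventsLogin;
    }

    /** Returns true if the login is accepted. */
    boolean login(String user, String sessionId) {
        Deque<String> sessions = sessionsByUser.computeIfAbsent(user, u -> new ArrayDeque<>());
        if (sessions.size() >= maxSessions) {
            if (preventsLogin) {
                return false;                    // maxSessionsPreventsLogin(true): newcomer refused
            }
            expired.add(sessions.removeFirst()); // default policy: oldest session is expired
        }
        sessions.addLast(sessionId);
        return true;
    }

    /** Models the session-destroyed event: the entry leaves the map when the session ends. */
    void sessionDestroyed(String user, String sessionId) {
        Deque<String> sessions = sessionsByUser.get(user);
        if (sessions != null) sessions.remove(sessionId);
    }

    boolean isExpired(String sessionId) { return expired.contains(sessionId); }

    public static void main(String[] args) {
        // Constructed sample user and session ids.
        ConcurrentSessionModel kick = new ConcurrentSessionModel(1, false);
        kick.login("alice", "browser-A");
        kick.login("alice", "browser-B");
        System.out.println("A expired after B logs in: " + kick.isExpired("browser-A"));

        ConcurrentSessionModel block = new ConcurrentSessionModel(1, true);
        block.login("alice", "browser-A");
        // browser-A's session times out, but no destroy event reaches the map
        System.out.println("login without destroy event: " + block.login("alice", "browser-B"));
        block.sessionDestroyed("alice", "browser-A");
        System.out.println("login after destroy event: " + block.login("alice", "browser-B"));
    }
}
```

In the refuse-login mode a stale entry locks the account out until it is removed, which is why the session-destroyed notification has to reach the registry.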
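5. Sharing sessions in a distributed deployment
The sessions above are all managed in an in-memory map, so they cannot be shared across a distributed cluster. To use this in a cluster, combine spring-session with Redis to share sessions.
Add the dependencies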
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-redis</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.session</groupId>
        <artifactId>spring-session-data-redis</artifactId>
    </dependency>
Configure Redis in the application properties file
    spring.redis.port=6379
    spring.redis.host=localhost
Security configuration
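    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.session.FindByIndexNameSessionRepository;
    import org.springframework.session.security.SpringSessionBackedSessionRegistry;

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        // inject the session repository provided by spring-session
        @Autowired
        private FindByIndexNameSessionRepository findByIndexNameSessionRepository;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                    .formLogin()
                    .and()
                    .csrf().disable()
                    .sessionManagement()
                    .maximumSessions(1)
                    .expiredUrl("/login")
                    .sessionRegistry(sessionRegistry()) // which registry manages the sessions
                    .maxSessionsPreventsLogin(true);
        }

        /**
         * Session registry that keeps the sessions in sync with Redis.
         */
        @Bean
        public SpringSessionBackedSessionRegistry sessionRegistry() {
            return new SpringSessionBackedSessionRegistry(findByIndexNameSessionRepository);
        }
    }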