security session concurrency management
2022-08-02 00:06:00 【Three or two lines of program】
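I. Introduction
A session refers to the interaction between the browser and the server.
II. Session concurrency management
1. What is session concurrency
Session concurrency is about whether the same user can be logged in to the current system on several devices at once. Spring Security places no limit by default, so the same account can log in on multiple devices; the limit can be configured in Spring Security.
2. Code
With Spring Security added and nothing configured, the same account can by default log in and access the system from multiple browsers.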
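import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.session.HttpSessionEventPublisher;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .and()
                .csrf().disable()
                .sessionManagement() // enable session management
                .maximumSessions(1); // the same account can only be logged in from one browser
    }

    /**
     * This bean is optional, but adding it is recommended.
     * Spring Security keeps a map that records the current HTTP sessions to implement
     * session concurrency management: an entry is added on login and removed from the
     * collection on logout.
     */
    @Bean
    public HttpSessionEventPublisher httpSessionEventPublisher() {
        return new HttpSessionEventPublisher();
    }
}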
When the same account logs in from multiple browsers, the following message appears:
This session has been expired (possibly due to multiple concurrent logins being attempted as the same user).
How can we change the message shown when a session is invalidated?
3. Handling a session that is kicked offline
3.1 Traditional web development
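import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.session.HttpSessionEventPublisher;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .and()
                .csrf().disable()
                .sessionManagement()
                .maximumSessions(1)
                .expiredUrl("/login"); // redirect target when the session is kicked offline
    }

    @Bean
    public HttpSessionEventPublisher httpSessionEventPublisher() {
        return new HttpSessionEventPublisher();
    }
}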
3.2 Separated front end and back end
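import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.session.HttpSessionEventPublisher;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .and()
                .csrf().disable()
                .sessionManagement()
                .maximumSessions(1)
                // the parameter is a functional interface, so a lambda handles it directly
                .expiredSessionStrategy(event -> {
                    HttpServletResponse response = event.getResponse();
                    Map<String, Object> map = new HashMap<>();
                    map.put("code", 500);
                    map.put("msg", "The current account is logged in from different places");
                    String result = new ObjectMapper().writeValueAsString(map);
                    response.setContentType("application/json;charset=UTF-8");
                    response.getWriter().println(result);
                    response.flushBuffer();
                });
    }

    @Bean
    public HttpSessionEventPublisher httpSessionEventPublisher() {
        return new HttpSessionEventPublisher();
    }
}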
4. Preventing a second login
By default the earlier session is kicked offline. It can instead be configured so that latecomers are unable to log in.
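import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.session.HttpSessionEventPublisher;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .and()
                .csrf().disable()
                .sessionManagement()
                .maximumSessions(1)
                .expiredUrl("/login")
                .maxSessionsPreventsLogin(true); // once logged in, further logins are refused
    }

    @Bean
    public HttpSessionEventPublisher httpSessionEventPublisher() {
        return new HttpSessionEventPublisher();
    }
}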
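An added example (not from the original post) that drives Spring Security's SessionRegistryImpl through the two policies from sections 3 and 4, and shows why the HttpSessionEventPublisher bean matters once maxSessionsPreventsLogin(true) is set. The login helper is a hypothetical simplification of the framework's login-time check, the user names and session ids are constructed, and spring-security-core is assumed to be on the classpath.

```java
import java.util.Comparator;
import java.util.List;
import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;

public class ConcurrencyPolicyDemo {

    // Hypothetical, simplified form of the check behind maximumSessions(max).
    // Returns true when the new login is allowed and registered.
    static boolean login(SessionRegistry registry, String user, String sessionId,
                         int max, boolean preventsLogin) {
        List<SessionInformation> live = registry.getAllSessions(user, false);
        if (live.size() >= max) {
            if (preventsLogin) {
                return false; // maxSessionsPreventsLogin(true): the latecomer is refused
            }
            // Default policy: mark the least recently used session as expired.
            live.stream()
                .min(Comparator.comparing(SessionInformation::getLastRequest))
                .ifPresent(SessionInformation::expireNow);
        }
        registry.registerNewSession(sessionId, user);
        return true;
    }

    public static void main(String[] args) {
        // Default policy: a second login is accepted and the first session is expired.
        SessionRegistry kick = new SessionRegistryImpl();
        login(kick, "alice", "browser-1", 1, false);
        boolean second = login(kick, "alice", "browser-2", 1, false);
        boolean firstExpired = kick.getSessionInformation("browser-1").isExpired();
        System.out.println("default: second login=" + second + ", first expired=" + firstExpired);

        // maxSessionsPreventsLogin(true): refused while browser-1 is still registered.
        SessionRegistry block = new SessionRegistryImpl();
        login(block, "bob", "browser-1", 1, true);
        System.out.println("prevent: second login=" + login(block, "bob", "browser-2", 1, true));

        // browser-1 times out in the container. Without HttpSessionEventPublisher the
        // registry never hears about it, so the stale entry still counts against bob.
        System.out.println("stale entry: login=" + login(block, "bob", "browser-3", 1, true));

        // With the publisher, the destroy event reaches SessionRegistryImpl and the entry
        // is removed; removeSessionInformation stands in for that event here.
        block.removeSessionInformation("browser-1");
        System.out.println("entry removed: login=" + login(block, "bob", "browser-3", 1, true));
    }
}
```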
5. Distributed session sharing
The sessions above are all managed centrally in an in-memory map, so they cannot be shared across a distributed cluster. To use this in a cluster, use spring-session together with Redis to share sessions.
Add the dependencies
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.session</groupId>
    <artifactId>spring-session-data-redis</artifactId>
</dependency>
Configure Redis in the application configuration file
spring.redis.port=6379
spring.redis.host=localhost
Security configuration
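import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.session.FindByIndexNameSessionRepository;
import org.springframework.session.security.SpringSessionBackedSessionRegistry;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // inject the session repository that backs session management
    @Autowired
    private FindByIndexNameSessionRepository findByIndexNameSessionRepository;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .and()
                .csrf().disable()
                .sessionManagement()
                .maximumSessions(1)
                .expiredUrl("/login")
                .sessionRegistry(sessionRegistry()) // which registry manages the sessions
                .maxSessionsPreventsLogin(true);
    }

    /**
     * Creates the registry that synchronizes sessions to Redis.
     */
    @Bean
    public SpringSessionBackedSessionRegistry sessionRegistry() {
        return new SpringSessionBackedSessionRegistry(findByIndexNameSessionRepository);
    }
}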