security session concurrency management
2022-08-02 00:06:00 【Three or two lines of program】
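I. Introduction
A session is the process of interaction between the browser and the server.
II. Session concurrency management
1. What is session concurrency
Session concurrency is the question of whether, in the current system, the same user may be logged in on several devices at once. Spring Security imposes no limit by default, so one account can log in on multiple devices; the behaviour can be configured in Spring Security.
2. Code
With Spring Security added and nothing configured, the same account can by default log in and use the system from several browsers.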
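
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.web.session.HttpSessionEventPublisher;

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                    .formLogin()
                    .and()
                    .csrf().disable() // CSRF protection is disabled here
                    .sessionManagement() // enable session management
                    .maximumSessions(1); // the same account can be logged in from only one browser
        }

        /**
         * This bean is optional, but adding it is recommended.
         * Spring Security keeps a map of the current HTTP session records to implement
         * session concurrency management: an entry is added on login and removed from
         * the collection on logout.
         */
        @Bean
        public HttpSessionEventPublisher httpSessionEventPublisher() {
            return new HttpSessionEventPublisher();
        }
    }

The following message appears when the account is logged in from more than one browser:

    This session has been expired (possibly due to multiple concurrent logins being attempted as the same user).

How can we change what is shown when the session is invalidated?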
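3. Handling a session that has been pushed offline
3.1 Traditional web development

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.web.session.HttpSessionEventPublisher;

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                    .formLogin()
                    .and()
                    .csrf().disable()
                    .sessionManagement()
                    .maximumSessions(1)
                    .expiredUrl("/login"); // redirect target when the session has been pushed offline
        }

        @Bean
        public HttpSessionEventPublisher httpSessionEventPublisher() {
            return new HttpSessionEventPublisher();
        }
    }

3.2 Front-end/back-end separation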
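
    import com.fasterxml.jackson.databind.ObjectMapper;
    import java.util.HashMap;
    import java.util.Map;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.web.session.HttpSessionEventPublisher;

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                    .formLogin()
                    .and()
                    .csrf().disable()
                    .sessionManagement()
                    .maximumSessions(1)
                    // the parameter is a functional interface, so a lambda handles it directly
                    .expiredSessionStrategy(event -> {
                        // write a JSON body instead of redirecting
                        HttpServletResponse response = event.getResponse();
                        Map<String, Object> map = new HashMap<>();
                        map.put("code", 500);
                        map.put("msg", "The current account is logged in from different places");
                        String result = new ObjectMapper().writeValueAsString(map);
                        response.setContentType("application/json;charset=UTF-8");
                        response.getWriter().println(result);
                        response.flushBuffer();
                    });
        }

        @Bean
        public HttpSessionEventPublisher httpSessionEventPublisher() {
            return new HttpSessionEventPublisher();
        }
    }

4. Preventing a second login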
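By default the earlier session is pushed offline. You can instead configure it so that latecomers are unable to log in.

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.web.session.HttpSessionEventPublisher;

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                    .formLogin()
                    .and()
                    .csrf().disable()
                    .sessionManagement()
                    .maximumSessions(1)
                    .expiredUrl("/login")
                    .maxSessionsPreventsLogin(true); // once logged in, further logins are refused
        }

        @Bean
        public HttpSessionEventPublisher httpSessionEventPublisher() {
            return new HttpSessionEventPublisher();
        }
    }

5. Distributed session sharing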
In all of the above, sessions are managed centrally in an in-memory map, so they cannot be shared across a distributed cluster. To use this in a cluster, combine spring-session with Redis to share sessions.
Add the dependencies

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-redis</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.session</groupId>
        <artifactId>spring-session-data-redis</artifactId>
    </dependency>

Configure Redis in the application properties file

    spring.redis.port=6379
    spring.redis.host=localhost

Security configuration
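
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.session.FindByIndexNameSessionRepository;
    import org.springframework.session.security.SpringSessionBackedSessionRegistry;

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        // inject the session repository provided by spring-session
        @Autowired
        private FindByIndexNameSessionRepository findByIndexNameSessionRepository;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                    .formLogin()
                    .and()
                    .csrf().disable()
                    .sessionManagement()
                    .maximumSessions(1)
                    .expiredUrl("/login")
                    .sessionRegistry(sessionRegistry()) // hand session tracking to this registry
                    .maxSessionsPreventsLogin(true);
        }

        /**
         * Create the session registry that keeps session records in sync with Redis.
         */
        @Bean
        public SpringSessionBackedSessionRegistry sessionRegistry() {
            return new SpringSessionBackedSessionRegistry(findByIndexNameSessionRepository);
        }
    }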
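
To make the mechanism behind the configurations above concrete, here is a small stand-alone model of the session map with both policies (push the earlier session offline, or refuse the latecomer). It is an added illustration, not Spring Security's code or the author's. `SessionRegistryModel` and its methods are hypothetical names, and the model expires the oldest session where Spring Security picks the least recently used one.

```java
import java.util.*;
// Simplified model for illustration; SessionRegistryModel is a hypothetical class, not Spring's.
public class SessionRegistryModel {
    // principal name -> ids of its live sessions, oldest first
    private final Map<String, Deque<String>> sessionsByUser = new HashMap<>();
    private final Set<String> expired = new HashSet<>();
    private final int maximumSessions;
    private final boolean maxSessionsPreventsLogin;

    SessionRegistryModel(int maximumSessions, boolean maxSessionsPreventsLogin) {
        this.maximumSessions = maximumSessions;
        this.maxSessionsPreventsLogin = maxSessionsPreventsLogin;
    }

    /** Called after a successful authentication; returns false if the login is refused. */
    boolean login(String user, String sessionId) {
        Deque<String> sessions = sessionsByUser.computeIfAbsent(user, u -> new ArrayDeque<>());
        if (sessions.size() >= maximumSessions) {
            if (maxSessionsPreventsLogin) {
                return false;                  // section 4: the latecomer cannot log in
            }
            expired.add(sessions.pollFirst()); // default: the earlier session is pushed offline
        }
        sessions.addLast(sessionId);
        return true;
    }

    /** What a session-destroyed event does to the registry: the record is dropped. */
    void sessionDestroyed(String user, String sessionId) {
        sessionsByUser.getOrDefault(user, new ArrayDeque<>()).remove(sessionId);
        expired.remove(sessionId);
    }

    boolean isExpired(String sessionId) { return expired.contains(sessionId); }

    public static void main(String[] args) {
        SessionRegistryModel kick = new SessionRegistryModel(1, false);
        kick.login("alice", "S1");
        System.out.println("second login accepted: " + kick.login("alice", "S2"));
        System.out.println("first session expired: " + kick.isExpired("S1"));

        SessionRegistryModel block = new SessionRegistryModel(1, true);
        block.login("alice", "S1");
        System.out.println("second login accepted: " + block.login("alice", "S2"));
        // S1 times out in the container, but the registry is never told about it
        System.out.println("login after unreported timeout: " + block.login("alice", "S3"));
        block.sessionDestroyed("alice", "S1"); // the event HttpSessionEventPublisher would publish
        System.out.println("login after destroy event: " + block.login("alice", "S3"));
    }
}
```

In the model, a session that ends without the registry being notified keeps occupying the account's single slot when `maxSessionsPreventsLogin` is true, which is the reason to register `HttpSessionEventPublisher`.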