
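How should concurrent session control be configured for a custom subclass of UsernamePasswordAuthenticationFilter?
I googled this for quite a while. It seems I need to configure a SessionAuthenticationStrategy for the custom Filter. Could you take a look and tell me whether something in my configuration is wrong?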
https://github.com/yodhcn/security-demo
```java
public class MyUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {
        return super.attemptAuthentication(request, response);
    }
}

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    @Bean
    public HttpSessionEventPublisher httpSessionEventPublisher() {
        return new HttpSessionEventPublisher();
    }

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration)
            throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

    @Bean
    public SecurityContextRepository securityContextRepository() {
        return new DelegatingSecurityContextRepository(
                new HttpSessionSecurityContextRepository(),
                new RequestAttributeSecurityContextRepository()
        );
    }

    @Bean
    public SessionRegistry sessionRegistry() {
        return new SessionRegistryImpl();
    }

    @Bean
    public SessionAuthenticationStrategy authStrategy(SessionRegistry sessionRegistry) {
        List<SessionAuthenticationStrategy> delegateStrategies = new ArrayList<>();
        ConcurrentSessionControlAuthenticationStrategy concurrentSessionControlAuthenticationStrategy =
                new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry);
        concurrentSessionControlAuthenticationStrategy.setMaximumSessions(1); // maximumSessions
        delegateStrategies.add(concurrentSessionControlAuthenticationStrategy);
        return new CompositeSessionAuthenticationStrategy(delegateStrategies);
    }

    @Bean
    MyUsernamePasswordAuthenticationFilter myUsernamePasswordAuthenticationFilter(
            AuthenticationManager authenticationManager,
            SecurityContextRepository securityContextRepository) {
        MyUsernamePasswordAuthenticationFilter filter = new MyUsernamePasswordAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManager);
        filter.setSecurityContextRepository(securityContextRepository);
        return filter;
    }

    @Bean
    public SecurityFilterChain filterChain(
            HttpSecurity http,
            MyUsernamePasswordAuthenticationFilter myUsernamePasswordAuthenticationFilter,
            SecurityContextRepository securityContextRepository
    ) throws Exception {
        http.authorizeHttpRequests()
                .anyRequest().authenticated();
        http.sessionManagement().maximumSessions(1); // maximumSessions
        http.formLogin();
        http.addFilterAt(myUsernamePasswordAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }

    @Bean
    public UserDetailsService userDetailsService() {
        UserDetails user = User.withDefaultPasswordEncoder().username("user").password("password").roles("USER")
                .build();
        return new InMemoryUserDetailsManager(user);
    }
}
```

1 yodhcn OP
Found how to configure it. It has to be configured inside a Configurer, because only there can you obtain the strategy:

```java
SessionAuthenticationStrategy sessionAuthenticationStrategy = http
        .getSharedObject(SessionAuthenticationStrategy.class);
```

https://stackoverflow.com/questions/65182973/not-able-to-implement-session-limiting-in-spring-security-with-custom-filter
2 mmdsun Mar 8, 2023 via iPhone
The filter has a setSessionAuthenticationStrategy method; I set the login concurrency-control strategy directly through that setter.