2013-01-18 48 views
1

I have concurrency control configured in my applicationContext-security.xml file:

<session-management session-authentication-error-url="/genesis">
    <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" expired-url="/genesis?sessionExpired=true"/>
</session-management>

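This limits a user to a single session. However, I now have a requirement that one account must be allowed multiple sessions, while all other accounts are still restricted to a single session.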

Any suggestions on how I can achieve this?

Answers

2

Override the default concurrency filter. Skip processing for your special user:

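import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.session.ConcurrentSessionFilter;

public class CustomConcurrentSessionFilter extends ConcurrentSessionFilter {

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // auth is null when no Authentication is in the context; only "bob" is exempt.
        if (auth != null && "bob".equals(auth.getName())) {
            chain.doFilter(req, res); // skip the session check but keep the chain going
        } else {
            super.doFilter(req, res, chain);
        }
    }
}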

In the config, replace the default filter with the custom one:

<security:http ... > 
    <security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="customConcurrentSessionFilter"/> 
</security:http> 

<bean id="customConcurrentSessionFilter" class="com.domain.CustomConcurrentSessionFilter"/> 
+0

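Thanks for the quick response. However, reading the Javadoc for ConcurrentSessionFilter, I'm worried that by skipping execution I would miss everything it does. From the API docs, it seems that what I want to do is override the getMaximumSessionsForThisUser() method of ConcurrentSessionControlStrategy in a custom class and inject that into the ConcurrentSessionFilter. Any ideas on how I would actually configure this? – user497087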

+2

In a subclass, override only 'getMaximumSessionsForThisUser()', add it as a 'SessionAuthenticationStrategy' ('"sas"') bean, and add '<session-management session-authentication-strategy-ref="sas"/>' and '<bean:property name="sessionAuthenticationStrategy" ref="sas"/>' in the 'UsernamePasswordAuthenticationFilter'. – Xaerxess

+0

+1 for overriding getMaximumSessionsForThisUser() in CustomSessionAuthenticationStrategy –

0

(I am expanding my comment here to provide a more complete solution to this question.)

Just override getMaximumSessionsForThisUser() in a ConcurrentSessionFilter subclass (below I use com.example.CustomConcurrentSessionFilter) and add to the XML config:

  • a SessionAuthenticationStrategy bean (with id "sas")
  • <session-management session-authentication-strategy-ref="sas" /> to <http>
  • <bean:property name="sessionAuthenticationStrategy" ref="sas" /> to UsernamePasswordAuthenticationFilter

The complete setup should look similar to the one shown here in docs:

<http> 
    <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" /> 
    <custom-filter position="FORM_LOGIN_FILTER" ref="myAuthFilter" /> 

    <session-management session-authentication-error-url="/genesis" 
     session-authentication-strategy-ref="sas"/> 
</http> 

<beans:bean id="concurrencyFilter" 
    class="com.example.CustomConcurrentSessionFilter"> 
    <beans:property name="sessionRegistry" ref="sessionRegistry" /> 
    <beans:property name="expiredUrl" value="/genesis?sessionExpired=true" /> 
</beans:bean> 

<beans:bean id="myAuthFilter" 
    class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <beans:property name="sessionAuthenticationStrategy" ref="sas" /> 
    <beans:property name="authenticationManager" ref="authenticationManager" /> 
</beans:bean> 

<beans:bean id="sas" 
    class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
    <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" /> 
    <beans:property name="exceptionIfMaximumExceeded" value="true" /> 
    <beans:property name="maximumSessions" value="1" /> 
</beans:bean> 

<beans:bean id="sessionRegistry" 
    class="org.springframework.security.core.session.SessionRegistryImpl" />
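
The per-user limit discussed in the comments and in the second answer, as an added example that is not part of the original posts: a subclass of ConcurrentSessionControlStrategy that overrides getMaximumSessionsForThisUser(). The class name PerUserSessionControlStrategy, its package and its extra constructor arguments are assumptions, and it presumes a Spring Security 3.x release that ships ConcurrentSessionControlStrategy.

```java
package com.example; // hypothetical package, following the answer's com.example

import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy;

/**
 * Hypothetical subclass: every account keeps the configured maximumSessions
 * (1 in the XML above) except an explicit allow-list, which gets a higher
 * but still bounded limit.
 */
public class PerUserSessionControlStrategy extends ConcurrentSessionControlStrategy {

    private final Set<String> multiSessionUsers;
    private final int multiSessionLimit;

    public PerUserSessionControlStrategy(SessionRegistry sessionRegistry,
                                         Set<String> multiSessionUsers,
                                         int multiSessionLimit) {
        super(sessionRegistry);
        if (multiSessionLimit < 1) {
            // -1 means "unlimited" to the parent class; refuse it so the
            // exemption cannot silently turn into no limit at all.
            throw new IllegalArgumentException("multiSessionLimit must be >= 1");
        }
        this.multiSessionUsers =
                Collections.unmodifiableSet(new HashSet<String>(multiSessionUsers));
        this.multiSessionLimit = multiSessionLimit;
    }

    @Override
    protected int getMaximumSessionsForThisUser(Authentication authentication) {
        // Exact, case-sensitive match on the authenticated principal name.
        if (authentication != null
                && multiSessionUsers.contains(authentication.getName())) {
            return multiSessionLimit;
        }
        // Everyone else falls back to the maximumSessions property.
        return super.getMaximumSessionsForThisUser(authentication);
    }
}
```

To use it, set the class of the sas bean to this class and supply the user set and the limit as additional constructor arguments.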