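How should concurrent session control be configured for a custom-extended UsernamePasswordAuthenticationFilter?
I Googled this for a long time, and it seems I need to configure a SessionAuthenticationStrategy for the custom Filter. Could you guys take a look for me: is something in my configuration wrong?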
https://github.com/yodhcn/security-demo
public class MyUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        return super.attemptAuthentication(request, response);
    }
}

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    @Bean
    public HttpSessionEventPublisher httpSessionEventPublisher() {
        return new HttpSessionEventPublisher();
    }

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

    @Bean
    public SecurityContextRepository securityContextRepository() {
        return new DelegatingSecurityContextRepository(
                new HttpSessionSecurityContextRepository(),
                new RequestAttributeSecurityContextRepository()
        );
    }

    @Bean
    public SessionRegistry sessionRegistry() {
        return new SessionRegistryImpl();
    }

    @Bean
    public SessionAuthenticationStrategy authStrategy(SessionRegistry sessionRegistry) {
        List<SessionAuthenticationStrategy> delegateStrategies = new ArrayList<>();
        ConcurrentSessionControlAuthenticationStrategy concurrentSessionControlAuthenticationStrategy =
                new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry);
        concurrentSessionControlAuthenticationStrategy.setMaximumSessions(1); // maximumSessions
        delegateStrategies.add(concurrentSessionControlAuthenticationStrategy);
        return new CompositeSessionAuthenticationStrategy(delegateStrategies);
    }

    @Bean
    MyUsernamePasswordAuthenticationFilter myUsernamePasswordAuthenticationFilter(
            AuthenticationManager authenticationManager,
            SecurityContextRepository securityContextRepository) {
        MyUsernamePasswordAuthenticationFilter filter = new MyUsernamePasswordAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManager);
        filter.setSecurityContextRepository(securityContextRepository);
        return filter;
    }

    @Bean
    public SecurityFilterChain filterChain(
            HttpSecurity http,
            MyUsernamePasswordAuthenticationFilter myUsernamePasswordAuthenticationFilter,
            SecurityContextRepository securityContextRepository
    ) throws Exception {
        http.authorizeHttpRequests()
                .anyRequest().authenticated();
        http.sessionManagement().maximumSessions(1); // maximumSessions
        http.formLogin();
        http.addFilterAt(myUsernamePasswordAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }

    @Bean
    public UserDetailsService userDetailsService() {
        UserDetails user = User.withDefaultPasswordEncoder().username("user").password("password").roles("USER")
                .build();
        return new InMemoryUserDetailsManager(user);
    }
}
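
Added example (not part of the original post or the linked repository): one way to wire the strategy the post asks about, shown as a replacement for its `authStrategy` and filter beans. It assumes the post's `SessionRegistry`, `AuthenticationManager` and `SecurityContextRepository` beans and its `MyUsernamePasswordAuthenticationFilter` class in the same package; the class name `SessionControlSketch` is hypothetical.

```java
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.web.authentication.session.*;
import org.springframework.security.web.context.SecurityContextRepository;

@Configuration
public class SessionControlSketch { // hypothetical name, illustration only

    @Bean
    public SessionAuthenticationStrategy authStrategy(SessionRegistry sessionRegistry) {
        ConcurrentSessionControlAuthenticationStrategy concurrency =
                new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry);
        concurrency.setMaximumSessions(1);
        // false (the default): the oldest session is expired on a second login.
        // true: the second login is rejected instead.
        concurrency.setExceptionIfMaximumExceeded(false);

        // Order matters: check the limit, rotate the session id, then record the
        // new session. Without the registering strategy the registry stays empty
        // and the concurrency check never finds an existing session to count.
        return new CompositeSessionAuthenticationStrategy(List.of(
                concurrency,
                new ChangeSessionIdAuthenticationStrategy(), // session fixation protection
                new RegisterSessionAuthenticationStrategy(sessionRegistry)));
    }

    @Bean
    MyUsernamePasswordAuthenticationFilter myUsernamePasswordAuthenticationFilter(
            AuthenticationManager authenticationManager,
            SecurityContextRepository securityContextRepository,
            SessionAuthenticationStrategy authStrategy) {
        MyUsernamePasswordAuthenticationFilter filter = new MyUsernamePasswordAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManager);
        filter.setSecurityContextRepository(securityContextRepository);
        // A filter added with addFilterAt is not touched by the formLogin() or
        // sessionManagement() configurers; its default strategy is a no-op, so
        // the composite strategy has to be set on it explicitly.
        filter.setSessionAuthenticationStrategy(authStrategy);
        return filter;
    }
}
```

In the filter chain, `http.sessionManagement().maximumSessions(1).sessionRegistry(sessionRegistry)` makes the `ConcurrentSessionFilter` read the same registry, so the session expired by the strategy is actually rejected on its next request.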