嗨,我正在尝试使用 spring security3.1 实现并发控制,但它不起作用。我正在使用 FilterChainProxy,所以我不知道如何在其中使用并发控制。我尝试过的代码低于我所缺少的,请帮助我出去?
豆文件
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
">
<!-- Custom code by rajesh -->
<!-- =================================================================== -->
<!-- Create sessionRegistry Implementation Bean -->
<bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
<bean name="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
<property name="sessionRegistry" ref="sessionRegistry"/>
<property name="expiredUrl" value="/modules/my/login.do"/>
</bean>
<bean id="sas" class="com.xxxx.xxx.security.filter.MyConcurrentSessionControlStrategy">
<constructor-arg name="sessionRegistry" ref="sessionRegistry" />
<property name="securityImpl" ref="SecurityImpl"/>
</bean>
<!-- =================================================================== -->
<!-- Custom code ended by rajesh -->
<!-- Create ISecurity Implementation Bean -->
<bean id="SecurityImpl" class="com.xxxx.xxx.security.impl.SecurityImpl">
<property name="dao">
<bean class="com.xxxx.xxx.security.impl.SecurityDAO">
<property name="sessionFactory" ref="mySessionFactory" />
</bean>
</property>
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="persistentRememberMeTokenRepositoryImpl" >
<bean
class="com.xxxx.xxx.impl.core.security.persisted.tokens.PersistentRememberMeTokenRepositoryImpl">
<property name="dao">
<bean
class="com.xxxx.xxx.impl.core.security.persisted.tokens.PersistentRememberMeTokenDAO">
<property name="sessionFactory" ref="mySessionFactory" />
</bean>
</property>
</bean>
</property>
</bean>
<bean id="ISecurityImpl"
class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
<property name="transactionManager" ref="myTransactionManager" />
<property name="target" ref="SecurityImpl" />
<property name="proxyTargetClass" value="false" />
<property name="transactionAttributes">
<props>
<prop key="set*">PROPAGATION_REQUIRED</prop>
<prop key="checkPasswordExpiry">PROPAGATION_REQUIRED</prop>
<prop key="expireSessionBySessionId">PROPAGATION_REQUIRED</prop>
</props>
</property>
</bean>
<bean id="myFilterSecurityInterceptor" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map request-matcher="ant" >
<security:filter-chain pattern="/**"
filters="securityContextPersistenceFilter,concurrencyFilter, logoutFilter, usernamePasswordAuthenticationFilter, rememberMeAuthenticationFilter, passwordExpiryFilter , anonymousAuthenticationFilter, accountExpiryFilter, exceptionTranslationFilter, filterSecurityInterceptor" />
</security:filter-chain-map>
</bean>
<bean id="securityContextPersistenceFilter"
class="org.springframework.security.web.context.SecurityContextPersistenceFilter" />
<bean id="logoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter">
<!-- the post-logout destination -->
<constructor-arg value="/modules/my/login.do" />
<constructor-arg>
<array>
<ref bean="myRememberMeService"/>
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
</array>
</constructor-arg>
<property name="filterProcessesUrl" value="/logout_my" />
</bean>
<bean id="usernamePasswordAuthenticationFilter"
class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<property name="sessionAuthenticationStrategy" ref="sas" />
<property name="authenticationManager" ref="myAuthenticationManager" />
<property name="rememberMeServices" ref="myRememberMeService" />
<property name="filterProcessesUrl" value="/my_authentication_service"></property>
<property name="usernameParameter" value="loginid" />
<property name="passwordParameter" value="password" />
<property name="authenticationFailureHandler" ref="AuthenticationFailureHandler" />
<property name="authenticationSuccessHandler" ref="AuthenticationSuccessHandler" />
</bean>
<bean id="accountExpiryFilter" class="com.xxxx.xxx.security.filter.MyAccountExpiryFilter">
<property name="securityImpl" ref="SecurityImpl"/>
<property name="authenticationFailureHandler" ref="AuthenticationFailureHandler" />
<property name="authenticationSuccessHandler" ref="AuthenticationSuccessHandler" />
</bean>
<bean id="passwordExpiryFilter"
class="com.xxxx.xxx.security.filter.MyPasswordExpiryFilter">
<property name="securityImpl" ref="SecurityImpl"/>
<property name="authenticationFailureHandler" ref="AuthenticationFailureHandler" />
<property name="authenticationSuccessHandler" ref="AuthenticationSuccessHandler" />
</bean>
<bean id="AuthenticationFailureHandlerImpl"
class="com.xxxx.xxx.security.impl.AuthenticationFailureHandlerImpl">
<property name="dao">
<bean class="com.xxxx.xxx.security.impl.SecurityDAO">
<property name="sessionFactory" ref="mySessionFactory" />
</bean>
</property>
<property name="defaultFailureUrl" value="/modules/my/login.do?error=1" />
</bean>
<bean id="AuthenticationFailureHandler"
class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
<property name="transactionManager" ref="myTransactionManager" />
<property name="target" ref="AuthenticationFailureHandlerImpl" />
<property name="proxyTargetClass" value="true" />
<property name="transactionAttributes">
<props>
<prop key="onAuthenticationFailure">PROPAGATION_REQUIRED</prop>
</props>
</property>
</bean>
<bean id="AuthenticationSuccessHandlerImpl"
class="com.xxxx.xxx.security.impl.AuthenticationSuccessHandler">
<property name="dao">
<bean class="com.xxxx.xxx.security.impl.SecurityDAO">
<property name="sessionFactory" ref="mySessionFactory" />
</bean>
</property>
<property name="targetUrlParameter" value="redirect-to"></property>
</bean>
<bean id="AuthenticationSuccessHandler"
class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
<property name="transactionManager" ref="myTransactionManager" />
<property name="target" ref="AuthenticationSuccessHandlerImpl" />
<property name="proxyTargetClass" value="true" />
<property name="transactionAttributes">
<props>
<prop key="onAuthenticationSuccess">PROPAGATION_REQUIRED</prop>
</props>
</property>
</bean>
<bean id="rememberMeAuthenticationFilter"
class="com.xxxx.xxx.security.filter.MyRememberMeAuthenticationFilter">
<property name="rememberMeServices" ref="myRememberMeService" />
<property name="authenticationManager" ref="myAuthenticationManager" />
<property name="securityImpl" ref="SecurityImpl"/>
</bean>
<bean id="anonymousAuthenticationFilter"
class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS" />
<property name="key" value="XXXXXXXX" />
</bean>
<bean id="exceptionTranslationFilter"
class="org.springframework.security.web.access.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<property name="loginFormUrl" value="/modules/my/login.do" />
</bean>
</property>
<property name="accessDeniedHandler" ref="AccessDeniedHandler" />
</bean>
<bean id="AccessDeniedHandlerImpl" class="com.xxxx.xxx.security.impl.AccessDeniedHandlerImpl">
<property name="dao">
<bean class="com.xxxx.xxx.security.impl.SecurityDAO">
<property name="sessionFactory" ref="mySessionFactory" />
</bean>
</property>
<property name="errorPage" value="/modules/errors/accessDenied.do" />
</bean>
<bean id="AccessDeniedHandler"
class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
<property name="transactionManager" ref="myTransactionManager" />
<property name="target" ref="AccessDeniedHandlerImpl" />
<property name="proxyTargetClass" value="true" />
<property name="transactionAttributes">
<props>
<prop key="handle">PROPAGATION_REQUIRED</prop>
</props>
</property>
</bean>
<bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<property name="authenticationManager" ref="myAuthenticationManager" />
<property name="accessDecisionManager" ref="myAffirmativeBasedAccessDecisionManager" />
<property name="securityMetadataSource">
<security:filter-security-metadata-source
use-expressions="true" lowercase-comparisons="true">
<!-- Core Actions -->
<security:intercept-url pattern="/modules/my/login.do"
access="permitAll" />
<security:intercept-url pattern="/modules/my/credentialExpired.do"
access="hasRole('ROLE_ANONYMOUS')" />
<security:intercept-url pattern="/modules/my/*"
access="hasRole('ROLE_ADMIN')" />
</security:filter-security-metadata-source>
</property>
</bean>
<bean class="org.springframework.security.access.vote.AffirmativeBased"
id="myAffirmativeBasedAccessDecisionManager">
<property name="decisionVoters">
<list>
<bean id="webExpressionVoter"
class="org.springframework.security.web.access.expression.WebExpressionVoter">
<property name="expressionHandler" ref="MyWebSecurityExpressionHandler" />
</bean>
<bean class="org.springframework.security.access.vote.RoleVoter" />
<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
</list>
</property>
</bean>
<bean id="MyWebSecurityExpressionHandler"
class="com.xxxx.xxx.security.spring.web.MyWebSecurityExpressionHandler">
<property name="iSecurity" ref="SecurityImpl" />
<property name="roleHierarchy">
<bean
class="org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl">
<property name="hierarchy">
<value>
ROLE_MY > ROLE_ADMIN
ROLE_ADMIN > ROLE_USER
ROLE_USER > ROLE_PORTAL_USER
ROLE_PORTAL_USER > ROLE_GUEST
ROLE_GUEST > ROLE_ANONYMOUS
</value>
</property>
</bean>
</property>
</bean>
<bean id="myAuthenticationManager"
class="org.springframework.security.authentication.ProviderManager">
<property name="authenticationEventPublisher" ref="myAuthEventPublisher" />
<property name="providers">
<list>
<bean
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="myUserDetailsService" />
<property name="passwordEncoder">
<bean id="myPasswordEncoder"
class="com.xxxx.xxx.security.spring.MyPasswordEncoder">
<property name="passwordEncryptor" ref="myPasswordEncryptor"></property>
</bean>
</property>
</bean>
<bean
class="org.springframework.security.authentication.AnonymousAuthenticationProvider ">
<property name="key" value="xxxxxxxxxxxxxx" />
</bean>
<bean
class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
<property name="key" value="MY_SECURE_REMME_MY_APP" />
</bean>
</list>
</property>
</bean>
<bean id="myUserDetailsService" class="com.xxxx.xxx.impl.core.users.UserImpl">
<property name="dao" ref="userDao" />
<property name="passwordEncryptor" ref="myPasswordEncryptor" />
</bean>
<!-- like for example at new user sign-up. -->
<bean id="myRememberMeService"
class="com.xxxx.xxx.security.impl.DefaultMyRememberMeServices">
<property name="tokenRepository">
<bean
class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
<property name="transactionManager" ref="myTransactionManager" />
<property name="target">
<bean
class="com.xxxx.xxx.impl.core.security.persisted.tokens.PersistentRememberMeTokenRepositoryImpl">
<property name="dao">
<bean
class="com.xxxx.xxx.impl.core.security.persisted.tokens.PersistentRememberMeTokenDAO">
<property name="sessionFactory" ref="mySessionFactory" />
</bean>
</property>
</bean>
</property>
<property name="proxyTargetClass" value="false" />
<property name="transactionAttributes">
<props>
<prop key="*">PROPAGATION_REQUIRED</prop>
</props>
</property>
</bean>
</property>
<property name="userDetailsService" ref="myUserDetailsService" />
<property name="key" value="MY_SECURE_REMME_MY_APP" />
<property name="alwaysRemember" value="false" />
<property name="useSecureCookie" value="true" />
<property name="cookieName" value="MY_SECURE_REMME" />
<property name="parameter" value="MY_REMME" />
<property name="dao">
<bean class="com.xxxx.xxx.security.impl.SecurityDAO">
<property name="sessionFactory" ref="mySessionFactory" />
</bean>
</property>
</bean>
<bean id="myPasswordEncryptor" class="com.xxxx.xxx.security.spring.MyPasswordEncryptor" />
<bean id="myAuthEventPublisher"
class="org.springframework.security.authentication.DefaultAuthenticationEventPublisher" />
<bean id="authenticationListener"
class="org.springframework.security.authentication.event.LoggerListener" />
<bean id="authorizationListener"
class="org.springframework.security.access.event.LoggerListener" />
<bean id="DatabaseConfigImpl" class="com.xxxx.xxx.impl.core.database.config.DatabaseConfigImpl"></bean>
<bean id="IDatabaseConfig" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
<property name="target" ref="DatabaseConfigImpl" />
<property name="proxyTargetClass" value="false"/>
<property name="transactionAttributes">
<props>
<prop key="add*">PROPAGATION_REQUIRED</prop>
<prop key="update*">PROPAGATION_REQUIRED</prop>
<prop key="delete*">PROPAGATION_REQUIRED</prop>
</props>
</property>
</bean>
</beans>
在这个 MyConcurrentSessionControlStrategy 类中,使用自定义实现扩展了 ConcurrentSessionControlStrategy 类。我也在使用自定义过滤器。我还在 web.xml 中添加了 HttpSessionEventPublisher
我的应用程序正在运行。我不知道如何应用并发控制。