0

我从 Spring Security 框架开始。我设置了框架。它工作正常,但我的问题在于注销功能......当我断开连接时。当他在页面访问被拒绝时通过我时,我又来连接一次。每当我因为他接受我的连接而被迫重新启动tomcat时

我的第二个问题:我试图测试说超时会话的东西,我停留了 1 分钟以上,当我回来时,我仍然在同一页面上。我不知道如何激活这个选项我想我在我的 security.xml 上配置了但它不起作用

这是我的 Sprintconfiguration

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:sec="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">



    <sec:http auto-config="true" use-expressions="true">
        <sec:intercept-url pattern="/pagess/**" access="hasRole('ROLE_USER')"/>
        <sec:form-login login-page="/login.jsf"  authentication-failure-url="/loginFailed.jsf"  default-target-url="/pagess/Menu.jsf"/>
        <sec:logout  logout-success-url="/login.jsf" delete-cookies="JSESSIONID"  invalidate-session="true"/>

        <sec:session-management invalid-session-url="/login.jsf">
            <sec:concurrency-control max-sessions="1"
                error-if-maximum-exceeded="true" />
        </sec:session-management>       
    </sec:http>

    <sec:authentication-manager alias="authenticationManager">
        <sec:authentication-provider>
            <sec:jdbc-user-service data-source-ref="DataSource"/>
        </sec:authentication-provider>
    </sec:authentication-manager> 
</beans:beans>

这是我的 bean Loginbean

@ManagedBean(name="loginBean")
@SessionScoped
public class LoginBean {

    private String username;  

    private String password; 


    public String getUsername() {  
        return username;  
    }  

    public void setUsername(String username) {  
        this.username = username;  
    }  

    public String getPassword() {  
        return password;  
    }  

    public void setPassword(String password) {  
        this.password = password;  
    }  


    public String doLogin() throws ServletException, IOException {

        ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();

        RequestDispatcher dispatcher = ((ServletRequest) context.getRequest())
                .getRequestDispatcher("/j_spring_security_check?j_username=" + username
                                + "&j_password=" + password);

        dispatcher.forward((ServletRequest) context.getRequest(),
                (ServletResponse) context.getResponse());

        FacesContext.getCurrentInstance().responseComplete();

        return null;
    }


    public String dologout() throws IOException {
        FacesContext.getCurrentInstance().getExternalContext()
        .invalidateSession();
this.username = "";
this.password = "";
        ExternalContext context =FacesContext.getCurrentInstance().getExternalContext();
        context.redirect(context.getRequestContextPath()
                + "/j_spring_security_logout");
        FacesContext.getCurrentInstance().responseComplete();
        return null;

    }
}

这是 WebXml

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="3.0"
 xmlns="http://java.sun.com/xml/ns/javaee"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
 <display-name>PFE</display-name>
 <context-param>
<param-name>primefaces.THEME</param-name>
<param-value>trontastic</param-value>
</context-param>
 <context-param>
  <description>State saving method: 'client' or 'server' (=default). See JSF Specification 2.5.2</description>
  <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
  <param-value>client</param-value>
 </context-param>
 <context-param>
  <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
  <param-value>resources.application</param-value>
 </context-param>
 <listener>
  <listener-class>com.sun.faces.config.ConfigureListener</listener-class>
 </listener>
 <servlet>
  <servlet-name>Faces Servlet</servlet-name>
  <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
  <load-on-startup>1</load-on-startup>
 </servlet>
 <servlet-mapping>
  <servlet-name>Faces Servlet</servlet-name>
  <url-pattern>*.jsf</url-pattern>
 </servlet-mapping>
 <welcome-file-list>
  <welcome-file>/Test.jsp</welcome-file>
 </welcome-file-list>
 <session-config>
 <session-timeout>
 30
 </session-timeout>
 </session-config>

 <context-param>
  <param-name>contextConfigLocation</param-name>
      <param-value>
     /WEB-INF/application.xml
     /WEB-INF/spring_sec.xml
      </param-value>
   </context-param>
   <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>
 <listener>
  <listener-class>
   org.springframework.web.context.ContextLoaderListener
  </listener-class>
   </listener>

   <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>
            org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    </filter-mapping>

   <listener>
  <listener-class>
   org.springframework.web.context.request.RequestContextListener
  </listener-class>
   </listener>
</web-app>
4

1 回答 1

1

我解决了我的问题..缺少一个 Listner

<listener> 
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher
</listener-class> 
</listener
于 2013-04-26T09:49:16.427 回答