0

我正在使用spring security 3.1.1和mybatis 3,如果应用程序进入理想状态并且用户在此之后表现为匿名用户,会话数据会在会话超时之前丢失

请帮助提前谢谢

*弹簧安全文件供参考*

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans" 
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">    
    <http auto-config="false" use-expressions="true" >
        <intercept-url pattern="/jsp/home*" access="hasAnyRole('ROLE_GUEST','ROLE_ADMIN','ROLE_SUPPORT')" />
        <intercept-url pattern="/jsp/search*" access="hasAnyRole('ROLE_GUEST','ROLE_ADMIN','ROLE_SUPPORT')" />
        <intercept-url pattern="/jsp/errorSearch*" access="hasAnyRole('ROLE_GUEST','ROLE_ADMIN','ROLE_SUPPORT')"/>
        <form-login login-page="/jsp/login.htm" default-target-url="/jsp/home.htm" login-processing-url="/jsp/j_spring_security_check"
                    authentication-failure-url="/jsp/login.htm?error=true"/>            
        <logout logout-url="/jsp/j_spring_security_logout" logout-success-url="/jsp/login.htm" delete-cookies="JSESSIONID"/>
        <access-denied-handler error-page="/jsp/accessdenied.htm"/>
        <session-management session-authentication-error-url="/loginFailed" session-fixation-protection="migrateSession"> 
            <concurrency-control expired-url="/loginFailed" error-if-maximum-exceeded="true" max-sessions="1"/>
        </session-management>
    </http>
    <beans:bean id="ldapActiveDirectoryAuthProvider" class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
        <beans:constructor-arg value="homeoffice.test.com" />
        <beans:constructor-arg value="ldap://honts0102.homeoffice.test.com:1568" />
        <beans:property name="useAuthenticationRequestCredentials" value="true" />
        <beans:property name="convertSubErrorCodesToExceptions" value="true" />
        <beans:property name="userDetailsContextMapper" ref="dashboardUserDetailsContextMapper"/>
    </beans:bean>
    <beans:bean id="dashboardUserDetailsContextMapper" class="com.test.dashboard.security.UserDetailsContextMapperImpl"/>
     <authentication-manager>
           <authentication-provider ref="ldapActiveDirectoryAuthProvider" />
     </authentication-manager>
</beans:beans>
4

0 回答 0