SpringSecurity自定义过滤器之后Session会话控制失效!求指点

J2EE 码拜 9年前 (2016-05-24) 1853次浏览
最近在研究SpringSecurity开始一切正常但是自定义过滤器后却发现对Session控制的会话控制失效了。网上说假如重写了User类要重写equals和hashCode方法。但是本人没有重写User类也不好使,之后本人重写了后也重写了equals和hashCode方法,还是不好使。调试之后根本没有进入equals方法但是hashCode方法却走了很多遍。求高手指点。下面开帖代码。
applicationContext-security.xml代码

<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
					http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
					http://www.springframework.org/schema/security
					http://www.springframework.org/schema/security/spring-security-3.0.xsd">
	<!-- 访问被拒绝时跳转到403界面 -->
	<http entry-point-ref="authenticationProcessingFilterEntryPoint"
		access-denied-page="/403.jsp" >
		<!-- 放行页面 -->
		<intercept-url pattern="/*.css" filters="none" />
		<intercept-url pattern="/error.jsp" filters="none" />
		<intercept-url pattern="/index*.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" requires-channel="any" />
		<!-- 访问全部要通过身份验证 -->
		<intercept-url pattern="/**" access="isAuthenticated()" />
		<!-- 访问全部要有ROLE_USER权限 -->
		<intercept-url pattern="/**" access="ROLE_USER" />

		<!-- 安全退出后的页面 -->
		<logout logout-success-url="/logout.jsp" />
		<!-- 两周内记住本人 -->
		<remember-me key="jbcpPetStore" />

		<!-- 检测失效的sessionId,超时时定位到另外一个URL, -->
		<session-management
			session-authentication-error-url="/No_certification.jsp"
			invalid-session-url="/index.jsp" session-fixation-protection="migrateSession">
			<!-- 防止多端登录 -->
			<concurrency-control max-sessions="1"
				error-if-maximum-exceeded="true" expired-url="/error.jsp" />
		</session-management>

			<custom-filter ref="loginFilter" position="FORM_LOGIN_FILTER" />
	</http>
	<!-- 自定义登录过滤 -->
	<beans:bean id="loginFilter"
		class="filter.UsernamePasswordAuthenticationExtendFilter">
		<!-- 验证页面 -->
		<beans:property name="filterProcessesUrl" value="/j_spring_security_check" />
		<!-- 验证成功后的处理 -->
		<beans:property name="authenticationSuccessHandler"
			ref="loginLogAuthenticationSuccessHandler" />
		<!-- 验证失败后的处理 -->
		<beans:property name="authenticationFailureHandler"
			ref="simpleUrlAuthenticationFailureHandler" />
		<!-- 认证器 -->
		<beans:property name="authenticationManager" ref="authenticationManager" />
	</beans:bean>
	<!-- 认证器 -->
	<authentication-manager alias="authenticationManager">
		<authentication-provider user-service-ref="myUserDetailsService" />
	</authentication-manager>
	<!-- 注入认证器 -->
	<beans:bean id="myUserDetailsService" class="filter.MyUserDetailService" />
	<!-- 开始注入登录过滤器 -->
	<beans:bean id="loginLogAuthenticationSuccessHandler"
		class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
		<beans:property name="defaultTargetUrl" value="/welcome.jsp"></beans:property>
	</beans:bean>
	<beans:bean id="simpleUrlAuthenticationFailureHandler"
		class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
		<beans:property name="defaultFailureUrl" value="/index.jsp?error=true"></beans:property>
	</beans:bean>
	<!-- 注入登录过滤器结束 -->
	<beans:bean id="authenticationProcessingFilterEntryPoint"
		class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
		<beans:property name="loginFormUrl" value="/index.jsp"></beans:property>
	</beans:bean>
</beans:beans>

web.xml页面

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
	version="3.0">
	<display-name></display-name>
	<welcome-file-list>
		<welcome-file>index.jsp</welcome-file>
	</welcome-file-list>
	<!-- 防止请求Spring乱码 -->
	<filter>
		<filter-name>characterEncodingFilter</filter-name>
		<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
		<init-param>
			<param-name>encoding</param-name>
			<param-value>utf-8</param-value>
		</init-param>
		<init-param>
			<!--强制转换编码(request和response均适用) -->
			<param-name>ForceEncoding</param-name>
			<param-value>true</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>characterEncodingFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<!-- Spring Security过滤器 -->
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<!-- Struts2 -->
	<filter>
		<filter-name>struts2</filter-name>
		<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>struts2</filter-name>
		<url-pattern>*.action</url-pattern>
	</filter-mapping>
	<!-- Spring -->
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>classpath:applicationContext.xml,classpath:applicationContext-security.xml</param-value>
	</context-param>
	<!-- Spring监听 -->
	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
		<!-- 监听session 防止多端登录 -->
	<listener>
		<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
	</listener>
	<!-- session有效期为30分 -->
	<session-config>
		<session-timeout>30</session-timeout>
	</session-config>
</web-app>
解决方案

20

SpringSecurity自定义过滤器之后Session会话控制失效!求指点

CodeBye 版权所有丨如未注明 , 均为原创丨本网站采用BY-NC-SA协议进行授权 , 转载请注明SpringSecurity自定义过滤器之后Session会话控制失效!求指点
喜欢 (0)
[1034331897@qq.com]
分享 (0)