MVC中的Spring会话管理,Spring安全性会话与HTTP会话
[英]Spring session management in mvc, Spring security session vs http session
问题描述
After successful login i want to proceed with further request processing with new url. 
成功登录后,我要继续使用新网址进行进一步的请求处理。 But the url is invoking exposed service in spring mvc where security configuration doesn't check the session authentication for coming url.Please take a look below code. 但是该URL正在调用Spring MVC中的公开服务,其中安全配置不检查即将到来的URL的会话身份验证。请看下面的代码。
<http auto-config="true" use-expressions="true">
<!-- <intercept-url pattern="/**" access="isAuthenticated()" /> -->
<intercept-url pattern="/home*" access="isAuthenticated()" />
<intercept-url pattern="/admin*" access="isAuthenticated()" />
<form-login login-page="/" default-target-url="/home"
authentication-failure-url="/accessdenied" always-use-default-target="false"/>
<logout logout-success-url="/" />
<anonymous username="guest" granted-authority="ROLE_GUEST" />
<session-management invalid-session-url="/" session-authentication-error-url="/login.jsp?error=alreadyLogin">
<concurrency-control max-sessions="1" expired-url="/login.jsp?error=sessionExpiredDuplicateLogin" error-if-maximum-exceeded="false"/>
</session-management>
<remember-me />
</http>
When jsp page submits login authentication J_security_check the target url invoked which subsequently calls interceptor pattern /home* and authenticates the login credentials. 当jsp页面提交登录身份验证J_security_check时,调用的目标url随后将调用拦截器模式/ home *并验证登录凭据。
if i'm calling the exposed service before login "/address/userid/" it directly invokes the service method how to make it session bound, if session exist get the data otherwise not. 如果我在登录“ / address / userid /”之前调用公开的服务,它将直接调用服务方法以使其绑定会话,如果会话存在则获取数据,否则不获取数据。
how different spring security session from http session,how to maintain spring security session like http session in spring mvc. Spring安全会话与http会话有何不同,如何在Spring MVC中像http会话一样维护Spring安全会话。
if i'm adding <intercept-url pattern="/**" access="isAuthenticated()" /> it doesn't work, it doesn't show login jsp as well.Where i am doing wrong please clarify. 如果我添加的<intercept-url pattern="/**" access="isAuthenticated()" />不起作用,它也不会显示登录jsp。如果我做错了,请澄清一下。
How to distinguish userid/pwd in authentication manager as per given below, as single ? 如何在下面的身份验证管理器中将userid / pwd区分为单个? takes first parameter. 采用第一个参数。
<authentication-manager>
<authentication-provider>
<!-- <user-service> <user name="admin" password="secret" authorities="ROLE_ADMIN,ROLE_USER"/>
</user-service> -->
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="SELECT USER_NAME,USER_PWD, 'true' as enabled from LOGIN_USER where USER_NAME=?"
authorities-by-username-query="select LOGIN_USER.USER_NAME , LOGIN_USER.ROLE_ID as authorities from LOGIN_USER
where LOGIN_USER.USER_NAME =?" />
</authentication-provider>
</authentication-manager>
I have come across few sites it describes only login spring security session management.i couldn't get clarity.Thanks in advance. 我遇到过几个站点,它仅描述了春季登录安全性会话管理。我不清楚,谢谢。
1 个解决方案
解决方案1
0 2013-11-22 12:35:36
我实现了使用拦截器处理程序来检查URI和会话属性,该方法工作正常,但正在spring框架中寻找更好的选项。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.