How to use Concurrency control in spring security 3.1 with FilterChainProxy

Hi, I am trying to implement concurrency control with Spring Security 3.1 but it is not working. I am using FilterChainProxy so I don't know how to use concurrency control in it. The code I have tried is below. What am I missing? Please help me out.

Bean file

    <?xml version="1.0" encoding="UTF-8"?>

    <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
        xsi:schemaLocation="
            http://www.springframework.org/schema/beans 
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/security 
            http://www.springframework.org/schema/security/spring-security-3.1.xsd
        ">

        <!--    Custom code by rajesh -->
        <!-- =================================================================== -->

        <!-- Create sessionRegistry Implementation Bean -->
        <bean id="sessionRegistry"  class="org.springframework.security.core.session.SessionRegistryImpl" />

        <bean name="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
          <property name="sessionRegistry" ref="sessionRegistry"/>
          <property name="expiredUrl" value="/modules/my/login.do"/>
        </bean>



        <bean id="sas" class="com.xxxx.xxx.security.filter.MyConcurrentSessionControlStrategy">
            <constructor-arg name="sessionRegistry" ref="sessionRegistry" />
            <property name="securityImpl" ref="SecurityImpl"/>
        </bean>
        <!-- =================================================================== -->
        <!--     Custom code ended by rajesh -->


        <!-- Create ISecurity Implementation Bean -->
        <bean id="SecurityImpl" class="com.xxxx.xxx.security.impl.SecurityImpl">
            <property name="dao">
                <bean class="com.xxxx.xxx.security.impl.SecurityDAO">
                    <property name="sessionFactory" ref="mySessionFactory" />
                </bean>
            </property>
            <property name="sessionRegistry"  ref="sessionRegistry" />
            <property name="persistentRememberMeTokenRepositoryImpl" >
                <bean
                    class="com.xxxx.xxx.impl.core.security.persisted.tokens.PersistentRememberMeTokenRepositoryImpl">
                    <property name="dao">
                        <bean
                            class="com.xxxx.xxx.impl.core.security.persisted.tokens.PersistentRememberMeTokenDAO">
                            <property name="sessionFactory" ref="mySessionFactory" />
                        </bean>
                    </property>
                </bean>
            </property>
        </bean>

     <bean id="ISecurityImpl"
            class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
            <property name="transactionManager" ref="myTransactionManager" />
            <property name="target" ref="SecurityImpl" />
            <property name="proxyTargetClass" value="false" />
            <property name="transactionAttributes">
                <props>
                    <prop key="set*">PROPAGATION_REQUIRED</prop>
                    <prop key="checkPasswordExpiry">PROPAGATION_REQUIRED</prop>
                    <prop key="expireSessionBySessionId">PROPAGATION_REQUIRED</prop>
                </props>
            </property>
        </bean>

        <bean id="myFilterSecurityInterceptor" class="org.springframework.security.web.FilterChainProxy">
            <security:filter-chain-map request-matcher="ant" >
                <security:filter-chain pattern="/**" 
                    filters="securityContextPersistenceFilter,concurrencyFilter, logoutFilter, usernamePasswordAuthenticationFilter, rememberMeAuthenticationFilter, passwordExpiryFilter , anonymousAuthenticationFilter, accountExpiryFilter, exceptionTranslationFilter, filterSecurityInterceptor" />
            </security:filter-chain-map>
        </bean>
        <bean id="securityContextPersistenceFilter"
            class="org.springframework.security.web.context.SecurityContextPersistenceFilter" />

        <bean id="logoutFilter"
            class="org.springframework.security.web.authentication.logout.LogoutFilter">
            <!-- the post-logout destination -->
            <constructor-arg value="/modules/my/login.do" />
            <constructor-arg>
                <array>
                    <ref bean="myRememberMeService"/>
                    <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
                </array>
            </constructor-arg>
            <property name="filterProcessesUrl" value="/logout_my" />
        </bean>

        <bean id="usernamePasswordAuthenticationFilter"
            class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
            <property name="sessionAuthenticationStrategy" ref="sas" />
            <property name="authenticationManager" ref="myAuthenticationManager" />
            <property name="rememberMeServices" ref="myRememberMeService" />
            <property name="filterProcessesUrl" value="/my_authentication_service"></property>
            <property name="usernameParameter" value="loginid" />
            <property name="passwordParameter" value="password" />
            <property name="authenticationFailureHandler" ref="AuthenticationFailureHandler" />
            <property name="authenticationSuccessHandler" ref="AuthenticationSuccessHandler" />
        </bean>
        <bean id="accountExpiryFilter" class="com.xxxx.xxx.security.filter.MyAccountExpiryFilter">
            <property name="securityImpl" ref="SecurityImpl"/>
            <property name="authenticationFailureHandler" ref="AuthenticationFailureHandler" />
            <property name="authenticationSuccessHandler" ref="AuthenticationSuccessHandler" />
        </bean>
        <bean id="passwordExpiryFilter"
            class="com.xxxx.xxx.security.filter.MyPasswordExpiryFilter">
            <property name="securityImpl" ref="SecurityImpl"/>
            <property name="authenticationFailureHandler" ref="AuthenticationFailureHandler" />
            <property name="authenticationSuccessHandler" ref="AuthenticationSuccessHandler" />
        </bean>

        <bean id="AuthenticationFailureHandlerImpl"
            class="com.xxxx.xxx.security.impl.AuthenticationFailureHandlerImpl">
            <property name="dao">
                <bean class="com.xxxx.xxx.security.impl.SecurityDAO">
                    <property name="sessionFactory" ref="mySessionFactory" />
                </bean>
            </property>
            <property name="defaultFailureUrl" value="/modules/my/login.do?error=1" />
        </bean>

        <bean id="AuthenticationFailureHandler"
            class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
            <property name="transactionManager" ref="myTransactionManager" />
            <property name="target" ref="AuthenticationFailureHandlerImpl" />
            <property name="proxyTargetClass" value="true" />
            <property name="transactionAttributes">
                <props>
                    <prop key="onAuthenticationFailure">PROPAGATION_REQUIRED</prop>
                </props>
            </property>
        </bean>

        <bean id="AuthenticationSuccessHandlerImpl"
            class="com.xxxx.xxx.security.impl.AuthenticationSuccessHandler">
            <property name="dao">
                <bean class="com.xxxx.xxx.security.impl.SecurityDAO">
                    <property name="sessionFactory" ref="mySessionFactory" />
                </bean>
            </property>
            <property name="targetUrlParameter" value="redirect-to"></property>
        </bean>

        <bean id="AuthenticationSuccessHandler"
            class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
            <property name="transactionManager" ref="myTransactionManager" />
            <property name="target" ref="AuthenticationSuccessHandlerImpl" />
            <property name="proxyTargetClass" value="true" />
            <property name="transactionAttributes">
                <props>
                    <prop key="onAuthenticationSuccess">PROPAGATION_REQUIRED</prop>
                </props>
            </property>
        </bean>

        <bean id="rememberMeAuthenticationFilter"
            class="com.xxxx.xxx.security.filter.MyRememberMeAuthenticationFilter">
            <property name="rememberMeServices" ref="myRememberMeService" />
            <property name="authenticationManager" ref="myAuthenticationManager" />
            <property name="securityImpl" ref="SecurityImpl"/>
        </bean>

        <bean id="anonymousAuthenticationFilter"
            class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
            <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS" />
            <property name="key" value="XXXXXXXX" />
        </bean>
        <bean id="exceptionTranslationFilter"
            class="org.springframework.security.web.access.ExceptionTranslationFilter">
            <property name="authenticationEntryPoint">
                <bean
                    class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
                    <property name="loginFormUrl" value="/modules/my/login.do" />
                </bean>
            </property>
            <property name="accessDeniedHandler" ref="AccessDeniedHandler" />
        </bean>

        <bean id="AccessDeniedHandlerImpl" class="com.xxxx.xxx.security.impl.AccessDeniedHandlerImpl">
            <property name="dao">
                <bean class="com.xxxx.xxx.security.impl.SecurityDAO">
                    <property name="sessionFactory" ref="mySessionFactory" />
                </bean>
            </property>
            <property name="errorPage" value="/modules/errors/accessDenied.do" />
        </bean>

        <bean id="AccessDeniedHandler"
            class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
            <property name="transactionManager" ref="myTransactionManager" />
            <property name="target" ref="AccessDeniedHandlerImpl" />
            <property name="proxyTargetClass" value="true" />
            <property name="transactionAttributes">
                <props>
                    <prop key="handle">PROPAGATION_REQUIRED</prop>
                </props>
            </property>
        </bean>


        <bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
            <property name="authenticationManager" ref="myAuthenticationManager" />
            <property name="accessDecisionManager" ref="myAffirmativeBasedAccessDecisionManager" />
            <property name="securityMetadataSource">
                <security:filter-security-metadata-source
                    use-expressions="true" lowercase-comparisons="true">
                    <!-- Core Actions -->
                    <security:intercept-url pattern="/modules/my/login.do"
                        access="permitAll" />
                    <security:intercept-url pattern="/modules/my/credentialExpired.do"
                        access="hasRole('ROLE_ANONYMOUS')" />
                    <security:intercept-url pattern="/modules/my/*"
                        access="hasRole('ROLE_ADMIN')" />
                </security:filter-security-metadata-source>
            </property>
        </bean>

        <bean class="org.springframework.security.access.vote.AffirmativeBased"
            id="myAffirmativeBasedAccessDecisionManager">
            <property name="decisionVoters">
                <list>
                    <bean id="webExpressionVoter"
                        class="org.springframework.security.web.access.expression.WebExpressionVoter">
                        <property name="expressionHandler" ref="MyWebSecurityExpressionHandler" />
                    </bean>
                    <bean class="org.springframework.security.access.vote.RoleVoter" />
                    <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
                </list>
            </property>
        </bean>

        <bean id="MyWebSecurityExpressionHandler"
            class="com.xxxx.xxx.security.spring.web.MyWebSecurityExpressionHandler">
            <property name="iSecurity" ref="SecurityImpl" />
            <property name="roleHierarchy">
                <bean
                    class="org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl">
                    <property name="hierarchy">
                        <value>
                            ROLE_MY > ROLE_ADMIN
                            ROLE_ADMIN > ROLE_USER
                            ROLE_USER > ROLE_PORTAL_USER
                            ROLE_PORTAL_USER > ROLE_GUEST
                            ROLE_GUEST > ROLE_ANONYMOUS
                        </value>
                    </property>
                </bean>
            </property>
        </bean>


        <bean id="myAuthenticationManager"
            class="org.springframework.security.authentication.ProviderManager">
            <property name="authenticationEventPublisher" ref="myAuthEventPublisher" />
            <property name="providers">
                <list>
                    <bean
                        class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
                        <property name="userDetailsService" ref="myUserDetailsService" />
                        <property name="passwordEncoder">
                            <bean id="myPasswordEncoder"
                                class="com.xxxx.xxx.security.spring.MyPasswordEncoder">
                                <property name="passwordEncryptor" ref="myPasswordEncryptor"></property>
                            </bean>
                        </property>
                    </bean>
                    <bean
                        class="org.springframework.security.authentication.AnonymousAuthenticationProvider ">
                        <property name="key" value="xxxxxxxxxxxxxx" />
                    </bean>
                    <bean
                        class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
                        <property name="key" value="MY_SECURE_REMME_MY_APP" />
                    </bean>
                </list>
            </property>
        </bean>

        <bean id="myUserDetailsService" class="com.xxxx.xxx.impl.core.users.UserImpl">
            <property name="dao" ref="userDao" />
            <property name="passwordEncryptor" ref="myPasswordEncryptor" />
        </bean>

        <!-- like for example at new user sign-up. -->

        <bean id="myRememberMeService"
            class="com.xxxx.xxx.security.impl.DefaultMyRememberMeServices">
            <property name="tokenRepository">
                <bean
                    class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
                    <property name="transactionManager" ref="myTransactionManager" />
                    <property name="target">
                        <bean
                            class="com.xxxx.xxx.impl.core.security.persisted.tokens.PersistentRememberMeTokenRepositoryImpl">
                            <property name="dao">
                                <bean
                                    class="com.xxxx.xxx.impl.core.security.persisted.tokens.PersistentRememberMeTokenDAO">
                                    <property name="sessionFactory" ref="mySessionFactory" />
                                </bean>
                            </property>
                        </bean>
                    </property>
                    <property name="proxyTargetClass" value="false" />
                    <property name="transactionAttributes">
                        <props>
                            <prop key="*">PROPAGATION_REQUIRED</prop>
                        </props>
                    </property>
                </bean>
            </property>
            <property name="userDetailsService" ref="myUserDetailsService" />
            <property name="key" value="MY_SECURE_REMME_MY_APP" />
            <property name="alwaysRemember" value="false" />
            <property name="useSecureCookie" value="true" />
            <property name="cookieName" value="MY_SECURE_REMME" />
            <property name="parameter" value="MY_REMME" />
            <property name="dao">
                <bean class="com.xxxx.xxx.security.impl.SecurityDAO">
                    <property name="sessionFactory" ref="mySessionFactory" />
                </bean>
            </property>
        </bean>

        <bean id="myPasswordEncryptor" class="com.xxxx.xxx.security.spring.MyPasswordEncryptor" />

        <bean id="myAuthEventPublisher"
            class="org.springframework.security.authentication.DefaultAuthenticationEventPublisher" />
        <bean id="authenticationListener"
            class="org.springframework.security.authentication.event.LoggerListener" />
        <bean id="authorizationListener"
            class="org.springframework.security.access.event.LoggerListener" />

        <bean id="DatabaseConfigImpl" class="com.xxxx.xxx.impl.core.database.config.DatabaseConfigImpl"></bean>
        <bean id="IDatabaseConfig" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
            <property name="target" ref="DatabaseConfigImpl" />
            <property name="proxyTargetClass" value="false"/>
            <property name="transactionAttributes">
                <props>
                    <prop key="add*">PROPAGATION_REQUIRED</prop>
                    <prop key="update*">PROPAGATION_REQUIRED</prop>
                    <prop key="delete*">PROPAGATION_REQUIRED</prop>
                </props>
            </property>
        </bean>
    </beans>

In this, the MyConcurrentSessionControlStrategy class extends the ConcurrentSessionControlStrategy class with a custom implementation. I am also using a custom filter. I have also added HttpSessionEventPublisher in web.xml.

My application is working. I am not getting how to apply concurrency control.

Since you haven't shown the configuration for the usernamePasswordAuthenticationFilter, my first guess would be that you have forgotten to add the necessary hook there by injecting the ConcurrentSessionControlStrategy into that bean. Before adding your own custom versions of classes, you should show that you can get it working with the standard classes. There is an example configuration in the reference manual. Begin from there, make sure that works, and then try adding your MyConcurrentSessionControlStrategy. Without seeing the code for that class it could easily be something in there that is wrong.

Also, if you're trying to describe a problem, you should explain in detail what "isn't working", even if it's just that the feature doesn't seem to be enabled when you think it should be. The debug log is also a useful source of information.
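The answer's suggestion, wired with the standard Spring Security 3.1 classes in the same FilterChainProxy style (an added example, not code from the original post). The `maximumSessions` and `exceptionIfMaximumExceeded` values and the trimmed filter list are assumptions; beans referenced but not defined here are taken to be as in the question.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- web.xml (separate file) must register the listener
         org.springframework.security.web.session.HttpSessionEventPublisher
         so that destroyed sessions are removed from the registry. -->

    <!-- One shared registry: the filter and the strategy must use the same instance. -->
    <bean id="sessionRegistry"
        class="org.springframework.security.core.session.SessionRegistryImpl" />

    <!-- Runs on every request; a session the registry has marked expired
         is logged out and redirected to expiredUrl. -->
    <bean id="concurrencyFilter"
        class="org.springframework.security.web.session.ConcurrentSessionFilter">
        <property name="sessionRegistry" ref="sessionRegistry" />
        <property name="expiredUrl" value="/modules/my/login.do" />
    </bean>

    <!-- Standard strategy class, used here in place of the custom subclass. -->
    <bean id="sas"
        class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
        <constructor-arg name="sessionRegistry" ref="sessionRegistry" />
        <!-- Assumed limit: one session per user. -->
        <property name="maximumSessions" value="1" />
        <!-- false: a new login expires the user's oldest session;
             true: the new login is rejected instead. -->
        <property name="exceptionIfMaximumExceeded" value="false" />
    </bean>

    <!-- The hook: the strategy is invoked after each successful form login. -->
    <bean id="usernamePasswordAuthenticationFilter"
        class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
        <property name="sessionAuthenticationStrategy" ref="sas" />
        <property name="authenticationManager" ref="myAuthenticationManager" />
        <property name="filterProcessesUrl" value="/my_authentication_service" />
    </bean>

    <!-- Chain trimmed to standard filters; custom filters are added back
         once this baseline enforces the limit. -->
    <bean id="myFilterSecurityInterceptor" class="org.springframework.security.web.FilterChainProxy">
        <security:filter-chain-map request-matcher="ant">
            <security:filter-chain pattern="/**"
                filters="securityContextPersistenceFilter, concurrencyFilter, logoutFilter, usernamePasswordAuthenticationFilter, anonymousAuthenticationFilter, exceptionTranslationFilter, filterSecurityInterceptor" />
        </security:filter-chain-map>
    </bean>
</beans>
```

`SessionRegistryImpl` looks sessions up by the principal object, so a custom `UserDetails` class must implement `equals()` and `hashCode()` for two logins by the same user to be counted together.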
