春季安全停止粉碎会议

时间:2015-06-30 11:08:36

标签: spring spring-security-ldap

我第一次使用Spring安全性,当我认为我完成时,我遇到了Spring安全会话的问题。该方案是我与第一个用户登录并在与另一台计算机中的另一个用户登录后 如果我刷新第一个用户,则显示第二个用户的详细信息。 这就像第一个用户的会话被第二个用户粉碎,我不明白为什么。有我的spring安全配置:

    <?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:sec="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://www.springframework.org/schema/beans"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd 
         http://www.springframework.org/schema/security 
         http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <sec:http auto-config="true" >
        <sec:intercept-url pattern="/jsf/home.xhtml" 
        access="ROLE_ECRITURE, ROLE_LECTURE, ROLE_ADMIN" />
        <sec:intercept-url pattern="/jsf/resultTestEligibilite_ADSL.xhtml" 
            access="ROLE_ECRITURE, ROLE_LECTURE, ROLE_ADMIN" />
        <sec:intercept-url pattern="/jsf/resultTestEligibilite_SDSL.xhtml" 
            access="ROLE_ECRITURE, ROLE_LECTURE, ROLE_ADMIN" />
        <sec:intercept-url pattern="/jsf/resultTestEligibilite_SDSLplus.xhtml" 
            access="ROLE_ECRITURE, ROLE_LECTURE, ROLE_ADMIN" />

        <sec:logout invalidate-session="true" 
            delete-cookies="JSESSIONID" 
            success-handler-ref="customLogoutSuccessHandler"/>

        <sec:form-login login-processing-url="/j_spring_security_check"
            login-page="/index.xhtml" default-target-url="/jsf/home.xhtml"
            authentication-failure-url="/index.xhtml?error=1" />

        <sec:session-management invalid-session-url="/j_spring_security_logout" />
    </sec:http>


    <bean id="propertyConfigurer"
        class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="ignoreResourceNotFound" value="true" />
        <property name="ignoreUnresolvablePlaceholders" value="false" />
        <property name="systemPropertiesModeName" value="SYSTEM_PROPERTIES_MODE_OVERRIDE" />
        <property name="locations">
            <list>
                <value>
                    classpath:/jboss.properties
                </value>
            </list>
        </property>
    </bean>

    <bean id="ldapUserSearch"
        class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
        <constructor-arg index="0" value="${ldap.user-search-base}" />
        <constructor-arg index="1" value="${ldap.user-search-filter}" />
        <constructor-arg index="2" ref="contextSource" />
        <property name="searchSubtree" value="true" />
    </bean>

    <bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <constructor-arg value="${ldap.url}" />
        <property name="userDn" value="${ldap.manager-dn}" />
        <property name="password" value="${ldap.manager-password}" />
    </bean>

    <sec:ldap-server
       url="${ldap.url}"    
       manager-dn="${ldap.manager-dn}" 
       manager-password="${ldap.manager-password}" 
       id = "contextSource"
       root="${ldap.root}"/>

    <sec:ldap-user-service id="ldapUserService"
        server-ref="contextSource" 
        group-search-base="${ldap.group-search-base}"
        group-role-attribute="${ldap.group-role-attribute}" 
        group-search-filter="${ldap.group-search-filter}"
        user-search-base="${ldap.user-search-base}" 
        user-search-filter="${ldap.user-search-filter}" />


    <sec:authentication-manager alias="MyManager">
        <sec:ldap-authentication-provider
            user-search-base="${ldap.user-search-base}" 
            user-search-filter="${ldap.user-search-filter}"
            group-search-base="${ldap.group-search-base}" 
            group-search-filter="${ldap.group-search-filter}"
            role-prefix="${ldap.role-prefix}" 
            user-context-mapper-ref="customUserDetailsMapper">
                <sec:password-compare hash="{sha}" >
                    <sec:password-encoder ref="passwordEncoder"  />
                </sec:password-compare>
            </sec:ldap-authentication-provider>
    </sec:authentication-manager>




    <bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.LdapShaPasswordEncoder" >
        <property name="forceLowerCasePrefix" value="true" />
    </bean>


    <bean id="LdapUserDetailManager"
        class="org.springframework.security.ldap.userdetails.LdapUserDetailsManager">
        <constructor-arg ref="contextSource" />

        <property name="attributesToRetrieve" >
            <list>
                <value>wsEligXdslFaiUsername</value>
            </list>
        </property>
    </bean>
    <bean id="customUserDetailsMapper" class="com.axione.eligibilite.ihm.ldap.impl.CustomUserDetailsContextMapper" />
</beans>`enter code here`

先谢谢你的帮助,因为我真的不知道这个问题来自哪里。

0 个答案:

没有答案
相关问题
最新问题