I'm using Spring Session REST together with Spring Security. Every request should carry an "x-auth-token" header whose value is the session id. But for requests that don't have that header (for example the OPTIONS method), a session still gets created. How can I avoid this?
(For now I have added a listener for session events that deletes those unauthenticated sessions.) Here is my main configuration:
Spring Session config:
    import com.hazelcast.config.Config;
    import com.hazelcast.config.MapAttributeConfig;
    import com.hazelcast.config.MapIndexConfig;
    import com.hazelcast.core.Hazelcast;
    import com.hazelcast.core.HazelcastInstance;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.session.hazelcast.HazelcastSessionRepository;
    import org.springframework.session.hazelcast.PrincipalNameExtractor;
    import org.springframework.session.hazelcast.config.annotation.web.http.EnableHazelcastHttpSession;
    import org.springframework.session.web.http.HeaderHttpSessionStrategy;
    import org.springframework.session.web.http.HttpSessionStrategy;

    @Configuration
    @EnableHazelcastHttpSession(maxInactiveIntervalInSeconds = 86400)
    public class JxSessionConfig {

        @Bean
        public HazelcastInstance hazelcastInstance() {
            // Index sessions by principal name so they can be looked up per user
            MapAttributeConfig attributeConfig = new MapAttributeConfig()
                    .setName(HazelcastSessionRepository.PRINCIPAL_NAME_ATTRIBUTE)
                    .setExtractor(PrincipalNameExtractor.class.getName());
            Config config = new Config();
            config.getMapConfig("spring:session:sessions")
                    .addMapAttributeConfig(attributeConfig)
                    .addMapIndexConfig(new MapIndexConfig(
                            HazelcastSessionRepository.PRINCIPAL_NAME_ATTRIBUTE, false));
            return Hazelcast.newHazelcastInstance(config);
        }

        // Session id is carried in the x-auth-token header instead of a cookie
        @Bean
        public HttpSessionStrategy httpSessionStrategy() {
            return new HeaderHttpSessionStrategy();
        }

        /* // Injecting the listener bean directly in the session config class is enough to receive session events
        @Bean
        public HttpSessionListener httpSessionListener() {
            return new JxSessionListener();
        } */
    }
Spring Security config:
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
            .csrf().disable()
            .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and()
            .headers().frameOptions().sameOrigin().and()
            .authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS).permitAll()
                .antMatchers("/anon/**").permitAll()
                .antMatchers("/token/**").permitAll()
                .antMatchers("/rest/**").hasRole("USER");
        httpSecurity
            .addFilter(authenticationTokenFilterBean());
        // disable page caching
        httpSecurity.headers().cacheControl();
        httpSecurity.requestCache().requestCache(new NullRequestCache());
        httpSecurity.formLogin().failureHandler(authenticationFailureHandler());
        httpSecurity.rememberMe();
    }

    private AuthenticationFailureHandler authenticationFailureHandler() {
        return new AuthenticationFailureHandler();
    }

    public class AuthenticationFailureHandler
            extends SimpleUrlAuthenticationFailureHandler {
    }
Apologies for my poor English; your answers are very welcome ^_^
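The setting in the question that produces a session for every request is `SessionCreationPolicy.ALWAYS`: it makes Spring Security create the HttpSession eagerly before the authorization rules run, so an anonymous OPTIONS preflight with no x-auth-token is still persisted to Hazelcast. The following is an added example, not code from the question's author, showing the same configure method with the session policy switched to IF_REQUIRED plus a small verification helper; the custom token filter and `unauthorizedHandler` from the question are replaced by a stock `Http403ForbiddenEntryPoint` to keep it self-contained, and the class name and helper are hypothetical.

```java
import com.hazelcast.core.HazelcastInstance;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
import org.springframework.security.web.savedrequest.NullRequestCache;

@Configuration
@EnableWebSecurity
public class HardenedSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            // Stock entry point standing in for the question's unauthorizedHandler bean
            .exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()).and()
            // ALWAYS makes SecurityContextPersistenceFilter create a session eagerly for
            // every request, so an anonymous OPTIONS preflight without x-auth-token ends
            // up stored in Hazelcast. IF_REQUIRED only creates a session when there is a
            // non-anonymous SecurityContext to persist, i.e. after a successful login.
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).and()
            .headers().frameOptions().sameOrigin().and()
            .authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS).permitAll()
                .antMatchers("/anon/**", "/token/**").permitAll()
                .antMatchers("/rest/**").hasRole("USER");

        http.headers().cacheControl();
        // Keep NullRequestCache: the default HttpSessionRequestCache stores a request
        // that was denied for lack of authentication in the session, creating one.
        http.requestCache().requestCache(new NullRequestCache());
    }

    // Verification helper (added, hypothetical): counts entries in the Spring Session
    // map named in the question's Hazelcast config. Send an OPTIONS request without
    // x-auth-token and confirm this count does not grow.
    static int storedSessionCount(HazelcastInstance hazelcastInstance) {
        return hazelcastInstance.getMap("spring:session:sessions").size();
    }
}
```

With this policy the Hazelcast map only receives entries for requests that actually authenticate, so the cleanup listener becomes unnecessary rather than a safety net.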