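Session concurrency does not work with custom UserDetails

Time: 2017-11-06 10:59:42

Tags: spring-boot spring-security

The Spring Security maximum concurrent sessions setting does not work with a custom UserDetailsService and a custom UserDetails implementation. It allows logging in as the same user from different machines.

But when I use the custom UserDetailsService with Spring Security's User implementation of UserDetails, it terminates the session of the first login and logs in with the new session.

Security configuration: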

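import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomUserDetailsService customUserDetailsService;

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        // Require authentication everywhere and cap each user at one concurrent session.
        http.authorizeRequests().anyRequest().authenticated().and().formLogin().and().httpBasic().and()
                    .sessionManagement().maximumSessions(1).and().and().userDetailsService(customUserDetailsService);
    }
}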

Custom UserDetailsService with the Spring Security User implementation (working):

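import java.util.Arrays;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service
public class CustomUserDetailsService
        implements UserDetailsService {

    @Override
    public UserDetails loadUserByUsername(final String username) throws UsernameNotFoundException {
        // Returns Spring Security's own User as the principal.
        final User user = new User("user", "password", Arrays.asList(new SimpleGrantedAuthority("ROLE_USER")));
        return user;
    }
}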

Custom UserDetailsService with the custom User implementation (not working):

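import java.util.Arrays;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service
public class CustomUserDetailsService
        implements UserDetailsService {

    @Override
    public UserDetails loadUserByUsername(final String username) throws UsernameNotFoundException {
        // Returns the custom UserDetails implementation (CustomUser, source not shown) as the principal.
        final CustomUser user = new CustomUser();
        user.setUsername("user");
        user.setPassword("password");
        user.setAuthorities(Arrays.asList(new SimpleGrantedAuthority("ROLE_USER")));
        user.setAccountNonLocked(true);
        user.setAccountNonExpired(true);
        user.setCredentialsNonExpired(true);
        user.setEnabled(true);

        return user;
    }
}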

Any help with this?

0 answers:

No answers
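
An added example, not part of the original question: Spring Security's `SessionRegistryImpl` tracks sessions in a map keyed by the principal object, and its built-in `User` class defines `equals()`/`hashCode()` on the username, so a second login resolves to the same key. The class below is a hypothetical `CustomUser` (the question does not show its source; the assumption is that the original does not override these two methods) with the setters the question calls and a username-based identity.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical CustomUser: field and setter names are taken from the calls in the
// question; everything else is an assumption, since the original class is not shown.
public class CustomUser implements UserDetails {
    private static final long serialVersionUID = 1L;

    private String username;
    private String password;
    private List<GrantedAuthority> authorities = new ArrayList<>();
    private boolean accountNonExpired;
    private boolean accountNonLocked;
    private boolean credentialsNonExpired;
    private boolean enabled;

    public void setUsername(String username) { this.username = username; }
    public void setPassword(String password) { this.password = password; }
    public void setAuthorities(Collection<? extends GrantedAuthority> a) { this.authorities = new ArrayList<>(a); }
    public void setAccountNonExpired(boolean v) { this.accountNonExpired = v; }
    public void setAccountNonLocked(boolean v) { this.accountNonLocked = v; }
    public void setCredentialsNonExpired(boolean v) { this.credentialsNonExpired = v; }
    public void setEnabled(boolean v) { this.enabled = v; }

    @Override public Collection<? extends GrantedAuthority> getAuthorities() { return authorities; }
    @Override public String getPassword() { return password; }
    @Override public String getUsername() { return username; }
    @Override public boolean isAccountNonExpired() { return accountNonExpired; }
    @Override public boolean isAccountNonLocked() { return accountNonLocked; }
    @Override public boolean isCredentialsNonExpired() { return credentialsNonExpired; }
    @Override public boolean isEnabled() { return enabled; }

    // Identity is the username only (as in Spring Security's User), so every login
    // of the same account maps to one session-registry key and maximumSessions(1) applies.
    @Override
    public boolean equals(Object o) {
        if (this == o) return true;
        if (!(o instanceof CustomUser)) return false;
        return Objects.equals(username, ((CustomUser) o).username);
    }

    @Override
    public int hashCode() { return Objects.hashCode(username); }
}
```

Because the principal is used as a map key for the life of the session, the username should not be changed on an instance after authentication.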