有人知道我的 HttpSessionIdResolver 有什么问题吗?每次重新加载页面后,用户都会得到一个新的会话 ID。如果我从配置中删除 HttpSessionIdResolver,会话就能正常工作,但是主体名称(principal name)为空...
注意:我将Spring Session与JDBC一起使用!
这是我的安全配置文件:
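/**
 * Spring Security configuration for a form-login application whose sessions are
 * stored through Spring Session JDBC ({@code @EnableJdbcHttpSession}).
 *
 * <p>Security-relevant choices made here, each marked at the place it is configured:
 * <ul>
 *   <li>CSRF protection is disabled globally.</li>
 *   <li>Authorization is default-allow: only single-segment paths ({@code /*}) require
 *       authentication, every other request is permitted.</li>
 *   <li>The session id is carried in the {@code X-Auth-Token} header rather than in a
 *       cookie.</li>
 * </ul>
 */
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
@EnableJdbcHttpSession
@EnableJpaRepositories(basePackageClasses = UsersRepository.class)
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomUserDetailsService userDetailsService;

    /**
     * Registers the application's user lookup service and BCrypt password verification
     * with the global authentication manager builder.
     *
     * @param auth builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // A separate encoder instance from the passwordEncoder() bean; both use the
        // default BCryptPasswordEncoder constructor, so they verify the same hashes.
        auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
    }

    /**
     * Exposes the adapter's {@link AuthenticationManager} as a bean.
     *
     * @return the authentication manager built by the parent class
     * @throws Exception if the parent class cannot build it
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Configures URL authorization, form login and the access-denied page.
     *
     * @param http the HTTP security builder
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): CSRF protection is off for the whole application. That is only
        // defensible while the session id travels in a custom header that a browser
        // never attaches on its own. If httpSessionIdResolver() is ever replaced by the
        // cookie-based default, re-enable CSRF for the form login.
        http.csrf().disable();

        // Rules are evaluated in declaration order and the first match wins, so
        // anyRequest() has to be the last rule. The original chain registered
        // "/sources/*" and "/public/*" after anyRequest(): those rules could never
        // match, and newer Spring Security releases refuse to start with
        // "Can't configure antMatchers after anyRequest". They are moved first and
        // declared permitAll(), which is what the catch-all already granted them
        // (anonymous() would have rejected logged-in users).
        //
        // NOTE(review): this is still a default-allow policy. "/*" matches a single
        // path segment only, so any deeper path that is not listed here is reachable
        // without authentication. Once the intended public surface is confirmed,
        // prefer ending the chain with anyRequest().authenticated().
        http.authorizeRequests()
                .antMatchers("/sources/*").permitAll()
                .antMatchers("/public/*").permitAll()
                .antMatchers("/*").authenticated()
                .anyRequest().permitAll()
                .and()
            .formLogin()
                .loginPage("/login")
                .loginProcessingUrl("/app-login")
                .usernameParameter("app_username")
                .passwordParameter("app_password")
                .permitAll()
                .and()
            .exceptionHandling()
                .accessDeniedPage("/error403");
    }

    /**
     * Provides the BCrypt password encoder bean.
     *
     * @return a BCrypt encoder with the library's default settings
     */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Makes Spring Session read the session id from the {@code X-Auth-Token} request
     * header and return it in the same response header, instead of using a cookie.
     *
     * <p>A browser does not replay custom headers on page navigation or reload, so
     * with a browser-driven form login every request that arrives without the header
     * is given a new session. This resolver fits clients that explicitly resend the
     * header (for example API clients). The header value is a bearer credential:
     * send it over TLS only and keep it out of access logs.
     *
     * @return the header-based session id resolver
     */
    @Bean
    public HttpSessionIdResolver httpSessionIdResolver() {
        return new HeaderHttpSessionIdResolver("X-Auth-Token");
    }
}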