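First of all, sorry for my poor English. I have a session management problem: I have an ApplicationListener that executes some code on the HttpSessionDestroyed event.
I also added a log on every HttpSessionCreatedEvent.
Sometimes, randomly, when I test my application locally, I get multiple HttpSessionCreatedEvent events: Spring Security disconnects the user and reconnects him without any front-end interaction (the session ID has been modified, and it cannot be seen without the logs). I think it is related to the session timeout, because I can easily reproduce it by reducing the session duration.
I have tried different solutions, but I do not understand the cause of the problem.
I want to fix this because I think it is the cause of other problems my application has.
Here is my ApplicationListener: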
    @Override
    public void onApplicationEvent(ApplicationEvent applicationEvent) {
        if (applicationEvent instanceof HttpSessionCreatedEvent) { // If event is a session created event
            LOGGER.info("Session created {}", ((HttpSessionCreatedEvent) applicationEvent).getSession().getId());
        } else if (applicationEvent instanceof HttpSessionDestroyedEvent) { // If event is a session destroy event
            HttpSession session = ((HttpSessionDestroyedEvent) applicationEvent).getSession();
            LOGGER.info("Session destroyed {}", session.getId());
            CLUserInfos clUserInfos = (CLUserInfos) session.getAttribute("userInfos");
            FolderEngagementSessionBean folderEngagementSessionBean = (FolderEngagementSessionBean) session.getAttribute("scopedTarget.folderEngagementSessionBean");
            if (folderEngagementSessionBean != null && folderEngagementSessionBean.getFolderId() != null) {
                this.dossierDeblocageProcessor.gererSortieDossier(folderEngagementSessionBean.getFolderId(), clUserInfos, session.getId());
            }
        }
    }
Here is my SecurityConfiguration:
        http
            .csrf().ignoringAntMatchers(
                "/fileupload/**",
                "/js/lib/ckeditor/ckeditor_4.5.6/filemanager/upload/simpleuploader/**",
                "/js/lib/ckeditor/ckeditor_4.5.6/filemanager/browser/default/connectors/jsp/connector/**",
                "/securecert/RequestSimplifiedConnect*",
                "/RequestAutoLogonSG*",
                "/SAMLConnectSG*",
                "/securecert/RequestToken*",
                "/authentification*"
            )
            .and()
            .headers().frameOptions().disable().and()
            .addFilterBefore(new BrowserFilter(), UsernamePasswordAuthenticationFilter.class)
            .addFilterBefore(new CLTokenAuthenticationFilter(authenticationManager(), clAuthenticationSuccessHandler), UsernamePasswordAuthenticationFilter.class)
            .authorizeRequests()
                .antMatchers("/css/**", "/fo/**", "/images/**", "/js/**", "/bo/images/**", "/errors/**").permitAll()
                .antMatchers("/navigateurNonGere").permitAll()
                .antMatchers("/supervision*").permitAll()
                .antMatchers("/expire*").permitAll()
                .antMatchers("/securecert/RequestToken*").permitAll()
                .antMatchers("/securecert/RequestSimplifiedConnect*").permitAll()
                .antMatchers("/SAMLConnectSG*").permitAll()
                .antMatchers("/RequestAutoLogonSG*").permitAll()
                .antMatchers("/authentification*").anonymous() // Allowing request parameters
                .anyRequest().authenticated()
            .and()
            .formLogin()
                .loginPage("/authentification")
                .failureHandler(new CLAuthenticationFailureHandler())
                .successHandler(clAuthenticationSuccessHandler)
                .passwordParameter("motDePasse")
                .permitAll()
                .authenticationDetailsSource(new CLAuthenticationDetailsSource())
            .and()
            .logout()
                .logoutUrl("/authentification/logout")
                .logoutSuccessHandler(cLLogoutSuccessHandler)
                .invalidateHttpSession(true);
        http.exceptionHandling().accessDeniedHandler(clAccessDeniedHandler);
        http.sessionManagement()
            .maximumSessions(1)
                .maxSessionsPreventsLogin(true)
                .expiredUrl("/expire")
            .and()
            .invalidSessionUrl("/expire");
    }
Here are the logs that I do not understand, because I am testing my app with only one user:
    [INFO] [fr.cl.extranet.web.listeners.session.LogoutListener:31] [25/03] [16:27:18] Session created CA8E429A831823738124B761AC21E235
    [INFO] [fr.cl.extranet.web.listeners.session.LogoutListener:31] [25/03] [16:27:18] Session created 6B16F535EC4758CD94536DD31F2590FC
    [INFO] [fr.cl.extranet.web.listeners.session.LogoutListener:31] [25/03] [16:27:18] Session created CA8E429A831823738124B761AC21E235
    [INFO] [fr.cl.extranet.web.listeners.session.LogoutListener:31] [25/03] [16:27:18] Session created 6B16F535EC4758CD94536DD31F2590FC
Can you help me understand the problem?