可能重复:
Spring Security - Once logged in , browser do not asking for login details again
当我从一个浏览器登录时。即使我将该网址粘贴到不同的浏览器或甚至不同的计算机上,我仍保持在同一会话中
这意味着在浏览器或计算机之间共享同一会话。
这是我的app-cofig.xml
<!-- Scans within the base package of the application for @Components to
configure as beans -->
<aop:aspectj-autoproxy proxy-target-class="true" />
<bean id="CltSearch_signonRq" class="com.csc.exceed.certificate.domain.SignonRq">
<property name="clientApp" ref="CltSearch_clientApp" />
</bean>
<bean id="CltSearch_clientApp" class="com.csc.exceed.certificate.domain.ClientApp">
<property name="name" value="S3" />
</bean>
<bean id="signonRq" class="com.csc.exceed.certificate.domain.SignonRq">
<property name="clientApp" ref="clientApp" />
<property name="signonPswd" ref="signonPswd" />
</bean>
<bean id="signonPswd" class="com.csc.exceed.certificate.domain.SignonPswd">
<property name="custId" ref="custId" />
<property name="custPswd" ref="custPswd" />
</bean>
<bean id="custId" class="com.csc.exceed.certificate.domain.CustId">
</bean>
<bean id="custPswd" class="com.csc.exceed.certificate.domain.CustPswd">
</bean>
<bean id="clientApp" class="com.csc.exceed.certificate.domain.ClientApp">
<property name="name" value="XCA" />
</bean>
<bean id="oXMapper" class="com.csc.exceed.util.OXMapper">
<property name="unmarshaller" ref="unmarshaller" />
<property name="marshaller" ref="marshaller" />
<property name="acordRequest" ref="acordRequest" />
<property name="acordResponse" ref="acordResponse" />
</bean>
<bean id="unmarshaller" class="org.springframework.oxm.castor.CastorMarshaller">
<property name="mappingLocation"
value="classpath:/templates/mapping/ACORD_Response_Mapping.xml" />
</bean>
<bean id="marshaller" class="org.springframework.oxm.castor.CastorMarshaller">
<property name="mappingLocation"
value="classpath:/templates/mapping/ACORD_Request_Mapping.xml" />
</bean>
<bean id="acordRequest" class="com.csc.exceed.certificate.domain.ACORD">
<property name="insuranceSvcRq" ref="insuranceSvcRq" />
<property name="signonRq" ref="CltSearch_signonRq" />
</bean>
<bean id="insuranceSvcRq" class="com.csc.exceed.certificate.domain.InsuranceSvcRq">
<property name="com_csc_ClientSearchRq" ref="com_csc_ClientSearchRq" />
</bean>
<bean id="com_csc_ClientSearchRq"
class="com.csc.exceed.certificate.domain.Com_csc_ClientSearchRq">
<property name="com_csc_SearchInfo" ref="com_csc_SearchInfo" />
</bean>
<bean id="com_csc_SearchInfo" class="com.csc.exceed.certificate.domain.Com_csc_SearchInfo">
<property name="com_csc_SearchCriteria" ref="com_csc_SearchCriteria" />
</bean>
<bean id="com_csc_SearchCriteria"
class="com.csc.exceed.certificate.domain.Com_csc_SearchCriteria">
<property name="com_csc_ClientSearch" ref="com_csc_ClientSearch" />
</bean>
<bean id="com_csc_ClientSearch" class="com.csc.exceed.certificate.domain.Com_csc_ClientSearch">
</bean>
<bean id="acordResponse" class="com.csc.exceed.certificate.domain.AcordResponse" />
<bean id="postXmlToUrl" class="com.csc.exceed.util.PostXmlToUrl" />
<bean id="supportData" class="com.csc.exceed.util.SupportDataUtilityImpl" />
<bean id="logging" class="com.csc.exceed.aspect.logging.LoggingAspect">
</bean>
<bean id="searchHandler" class="com.csc.exceed.certificate.web.AccountSearchHandler">
<property name="oXMapper" ref="oXMapper" />
<property name="applicationProperties" ref="applicationProperties" />
<property name="messageProperties" ref="messageProperties" />
</bean>
<bean id="exceptionHandling" class="com.csc.exceed.aspect.exception.ExceptionHandling">
</bean>
<bean id="applicationProperties"
class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location">
<value>classpath:/config/application.properties</value>
</property>
</bean>
<bean id="messageProperties"
class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location">
<value>classpath:/config/MessageResources.properties
</value>
</property>
</bean>
<bean id="xmlReader" class="com.csc.exceed.util.Validator">
<property name="messageProperties" ref="messageProperties" />
<property name="applicationProperties" ref="applicationProperties" />
<property name="validationXml" value="classpath:/rules/validation-rules.xml" />
<property name="oXMapper" ref="oXMapper" />
</bean>
<bean id="login" class="com.csc.exceed.certificate.domain.ACORD">
<property name="signonRq" ref="signonRq" />
</bean>
<bean id="userManagerService" class="com.csc.exceed.aspect.security.UserManagerService" />
<bean id="customAuthenticationProvider"
class="com.csc.exceed.aspect.security.CustomAuthenticationProvider">
<property name="userManagerService" ref="userManagerService"></property>
<property name="oXMapper" ref="oXMapper" />
<property name="applicationProperties" ref="applicationProperties" />
<property name="messageProperties" ref="messageProperties" />
</bean>
<bean id="customAuthenticationManager"
class="com.csc.exceed.aspect.security.CustomAuthenticationManager">
<property name="authenticationProvider" ref="customAuthenticationProvider" />
<property name="oXMapper" ref="oXMapper" />
<property name="login" ref="login" />
</bean>
<cache:annotation-driven />
<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheCacheManager">
<property name="cacheManager" ref="ehcache" />
</bean>
<bean id="ehcache"
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
<property name="configLocation" value="classpath:/config/ehcache.xml" />
</bean>
<bean id="checkSession" class="com.csc.exceed.util.CheckSession">
<property name="messageProperties" ref="messageProperties" />
</bean>
<security:http entry-point-ref="CMSAuthenticationEntryPoint">
<security:custom-filter position="FORM_LOGIN_FILTER"
ref="customizedFormLoginFilter" />
<security:session-management
session-authentication-strategy-ref="sas" />
<security:intercept-url pattern="/certs/signin/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/certs/AccountSearch/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
</security:http>
<bean id="sas"
class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy" />
<bean id="CMSAuthenticationEntryPoint"
class="com.csc.exceed.aspect.accesscontrol.CMSAuthenticationEntryPoint">
<property name="loginFormUrl" value="/certs/signin" />
<property name="forceHttps" value="false" />
</bean>
<bean id="customizedFormLoginFilter"
class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<property name="authenticationManager" ref="customAuthenticationManager" />
<property name="filterProcessesUrl" value="/certs/j_spring_security_check" />
<property name="authenticationSuccessHandler" ref="simpleURLSuccessHandler" />
<property name="authenticationFailureHandler" ref="simpleURLFailureHandler" />
<property name="allowSessionCreation" value="true" />
<property name="sessionAuthenticationStrategy" ref="sas" />
</bean>
<bean id="simpleURLFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/certs/signin" />
<!-- <property name="allowSessionCreation" value="true" /> -->
</bean>
<bean id="simpleURLSuccessHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/certs/AccountSearch" />
<property name="alwaysUseDefaultTargetUrl" value="true" />
</bean>
<security:authentication-manager alias="authenticationManager">
</security:authentication-manager>
web.xml是
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/config/web-application-config.xml
</param-value>
</context-param>
<error-page>
<error-code>500</error-code>
<location>/error.xhtml</location>
</error-page>
<context-param>
<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
<param-value>.xhtml</param-value>
</context-param>
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<context-param>
<param-name>facelets.DEVELOPMENT</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_REFRESH_PERIOD</param-name>
<param-value>1</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_LIBRARIES</param-name>
<param-value>/WEB-INF/springsecurity.taglib.xml</param-value>
</context-param>
<!-- Enables Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<servlet>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<url-pattern>/certs/*</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
答案 0 :(得分:0)
从你的另一个问题https://stackoverflow.com/questions/6523073/spring-login-data-presistence看来你已经意识到你需要将登录信息存储在作用域的会话而不是单例bean中。