[SPRING] 봄 보안 로그 아웃 및 최대 세션
SPRING봄 보안 로그 아웃 및 최대 세션
나는 Spring.io 가이드 봄 보안에이 자습서를 수행하고있다. 로그 아웃하고 로그인 기능이 잘 작동하고 있지만 나는 WebSecurityConfigurerAdapter에 다음 줄을 추가 할 때 예상대로 작동하지 않습니다. (그는 이미 하나에 로그인 한 경우 기본적으로, 두 개의 장치에서 로그인에서 사용자를 방지 할)
@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
protected static class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// The configuration as in the tutorial
http
.httpBasic().and()
.authorizeRequests()
.antMatchers("/index.html", "/home.html", "/login.html", "/").permitAll()
.anyRequest().authenticated()
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
// Added this for session management
http.sessionManagement().maximumSessions(1).maxSessionsPreventsLogin(true)
}
}
당신이 로그 아웃했다가 다시 로그인하려고하면 문제는 (401)는 인증 실패 메시지 '로 반환됩니다 발생 : 최대를 이 주체에 대한 1 세션은 '초과했습니다. 그러나 로그 아웃 URL은 AngularJS와 응용 프로그램에서이 부분에 타격
self.logout = function() {
$http.post('logout', {}).finally(function() {
$rootScope.authenticated = false;
$location.path("/");
});
}
왜 세션의 수는이 경우 초기화되지 않습니다?
무슨 일이 예상대로 작동하도록 할 수 있는가?
GitHub의 코드 링크
디버그 모드에서 봄 보안 로그
2017-01-03 21:38:01.806 DEBUG 32624 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/logout'; against '/error'
2017-01-03 21:38:01.806 DEBUG 32624 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : /logout at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2017-01-03 21:38:01.806 DEBUG 32624 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : /logout at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2017-01-03 21:38:01.807 DEBUG 32624 --- [nio-8080-exec-9] w.c.HttpSessionSecurityContextRepository : Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@442b5a9f: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@442b5a9f: Principal: org.springframework.security.core.userdetails.User@36ebcb: Username: user; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_USER'
2017-01-03 21:38:01.807 DEBUG 32624 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : /logout at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2017-01-03 21:38:01.807 DEBUG 32624 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : /logout at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
2017-01-03 21:38:01.807 DEBUG 32624 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : /logout at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
2017-01-03 21:38:01.807 DEBUG 32624 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/logout'; against '/logout'
2017-01-03 21:38:01.807 DEBUG 32624 --- [nio-8080-exec-9] o.s.s.w.a.logout.LogoutFilter : Logging out user 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@442b5a9f: Principal: org.springframework.security.core.userdetails.User@36ebcb: Username: user; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_USER' and transferring to logout destination
2017-01-03 21:38:01.807 DEBUG 32624 --- [nio-8080-exec-9] o.s.s.w.a.l.SecurityContextLogoutHandler : Invalidating session: DDC79F814F9ECD2A0192531E977D53C9
2017-01-03 21:38:01.807 DEBUG 32624 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]
2017-01-03 21:38:01.808 DEBUG 32624 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : matched
2017-01-03 21:38:01.808 DEBUG 32624 --- [nio-8080-exec-9] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@e0735a1
2017-01-03 21:38:01.809 DEBUG 32624 --- [nio-8080-exec-9] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2017-01-03 21:38:01.809 DEBUG 32624 --- [nio-8080-exec-9] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2017-01-03 21:38:38.069 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user'; against '/error'
2017-01-03 21:38:38.069 DEBUG 32624 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy : /user at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2017-01-03 21:38:38.069 DEBUG 32624 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy : /user at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2017-01-03 21:38:38.069 DEBUG 32624 --- [io-8080-exec-10] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2017-01-03 21:38:38.069 DEBUG 32624 --- [io-8080-exec-10] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2017-01-03 21:38:38.069 DEBUG 32624 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy : /user at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2017-01-03 21:38:38.069 DEBUG 32624 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy : /user at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
2017-01-03 21:38:38.069 DEBUG 32624 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy : /user at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
2017-01-03 21:38:38.069 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /user' doesn't match 'POST /logout
2017-01-03 21:38:38.069 DEBUG 32624 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy : /user at position 6 of 13 in additional filter chain; firing Filter: 'ConcurrentSessionFilter'
2017-01-03 21:38:38.069 DEBUG 32624 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy : /user at position 7 of 13 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2017-01-03 21:38:38.070 DEBUG 32624 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy : /user at position 8 of 13 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2017-01-03 21:38:38.070 DEBUG 32624 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy : /user at position 9 of 13 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2017-01-03 21:38:38.070 DEBUG 32624 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy : /user at position 10 of 13 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2017-01-03 21:38:38.070 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2017-01-03 21:38:38.070 DEBUG 32624 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy : /user at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter'
2017-01-03 21:38:38.070 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.session.SessionManagementFilter : Requested session ID DDC79F814F9ECD2A0192531E977D53C9 is invalid.
2017-01-03 21:38:38.070 DEBUG 32624 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy : /user at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2017-01-03 21:38:38.070 DEBUG 32624 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy : /user at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2017-01-03 21:38:38.070 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user'; against '/index.html'
2017-01-03 21:38:38.070 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user'; against '/home.html'
2017-01-03 21:38:38.070 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user'; against '/login.html'
2017-01-03 21:38:38.070 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user'; against '/'
2017-01-03 21:38:38.070 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /user; Attributes: [authenticated]
2017-01-03 21:38:38.071 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2017-01-03 21:38:38.071 DEBUG 32624 --- [io-8080-exec-10] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@6bd96c27, returned: -1
2017-01-03 21:38:38.072 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-4.1.3.RELEASE.jar:4.1.3.RELEASE]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-4.1.3.RELEASE.jar:4.1.3.RELEASE]
2017-01-03 21:38:38.073 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using Ant [pattern='/**', GET]
2017-01-03 21:38:38.073 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Request '/user' matched by universal pattern '/**'
2017-01-03 21:38:38.073 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.ico']]
2017-01-03 21:38:38.073 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user'; against '/**/favicon.ico'
2017-01-03 21:38:38.073 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.u.matcher.NegatedRequestMatcher : matches = true
2017-01-03 21:38:38.073 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@47099aec, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]]
2017-01-03 21:38:38.074 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.u.m.MediaTypeRequestMatcher : httpRequestMediaTypes=[application/json, text/plain, */*]
2017-01-03 21:38:38.074 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing application/json
2017-01-03 21:38:38.074 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.u.m.MediaTypeRequestMatcher : application/json .isCompatibleWith application/json = true
2017-01-03 21:38:38.074 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.u.matcher.NegatedRequestMatcher : matches = false
2017-01-03 21:38:38.074 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.util.matcher.AndRequestMatcher : Did not match
2017-01-03 21:38:38.074 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.s.HttpSessionRequestCache : Request not saved as configured RequestMatcher did not match
2017-01-03 21:38:38.074 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.a.ExceptionTranslationFilter : Calling Authentication entry point.
2017-01-03 21:38:38.074 DEBUG 32624 --- [io-8080-exec-10] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]
2017-01-03 21:38:38.074 DEBUG 32624 --- [io-8080-exec-10] s.w.a.DelegatingAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.HttpStatusEntryPoint@301fca8
2017-01-03 21:38:38.074 DEBUG 32624 --- [io-8080-exec-10] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@e0735a1
2017-01-03 21:38:38.074 DEBUG 32624 --- [io-8080-exec-10] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2017-01-03 21:38:38.074 DEBUG 32624 --- [io-8080-exec-10] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2017-01-03 21:39:24.188 DEBUG 32624 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user'; against '/error'
2017-01-03 21:39:24.188 DEBUG 32624 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /user at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2017-01-03 21:39:24.188 DEBUG 32624 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /user at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2017-01-03 21:39:24.188 DEBUG 32624 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2017-01-03 21:39:24.188 DEBUG 32624 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2017-01-03 21:39:24.188 DEBUG 32624 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /user at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2017-01-03 21:39:24.188 DEBUG 32624 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /user at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
2017-01-03 21:39:24.188 DEBUG 32624 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /user at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
2017-01-03 21:39:24.188 DEBUG 32624 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /user' doesn't match 'POST /logout
2017-01-03 21:39:24.188 DEBUG 32624 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /user at position 6 of 13 in additional filter chain; firing Filter: 'ConcurrentSessionFilter'
2017-01-03 21:39:24.188 DEBUG 32624 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /user at position 7 of 13 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2017-01-03 21:39:24.188 DEBUG 32624 --- [nio-8080-exec-1] o.s.s.w.a.www.BasicAuthenticationFilter : Basic Authentication Authorization header found for user 'user'
2017-01-03 21:39:24.188 DEBUG 32624 --- [nio-8080-exec-1] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2017-01-03 21:39:24.189 DEBUG 32624 --- [nio-8080-exec-1] o.s.s.w.a.www.BasicAuthenticationFilter : Authentication success: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@442b5a9f: Principal: org.springframework.security.core.userdetails.User@36ebcb: Username: user; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_USER
2017-01-03 21:39:24.189 DEBUG 32624 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /user at position 8 of 13 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2017-01-03 21:39:24.189 DEBUG 32624 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /user at position 9 of 13 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2017-01-03 21:39:24.189 DEBUG 32624 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /user at position 10 of 13 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2017-01-03 21:39:24.189 DEBUG 32624 --- [nio-8080-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter : SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@442b5a9f: Principal: org.springframework.security.core.userdetails.User@36ebcb: Username: user; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_USER'
2017-01-03 21:39:24.189 DEBUG 32624 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /user at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter'
2017-01-03 21:39:24.189 DEBUG 32624 --- [nio-8080-exec-1] s.CompositeSessionAuthenticationStrategy : Delegating to org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy@2bf94401
2017-01-03 21:39:24.191 DEBUG 32624 --- [nio-8080-exec-1] o.s.s.w.session.SessionManagementFilter : SessionAuthenticationStrategy rejected the authentication object
org.springframework.security.web.authentication.session.SessionAuthenticationException: Maximum sessions of 1 for this principal exceeded
at org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy.allowableSessionsExceeded(ConcurrentSessionControlAuthenticationStrategy.java:153) ~[spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
at org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy.onAuthentication(ConcurrentSessionControlAuthenticationStrategy.java:123) ~[spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
2017-01-03 21:39:24.192 DEBUG 32624 --- [nio-8080-exec-1] .a.SimpleUrlAuthenticationFailureHandler : No failure URL set, sending 401 Unauthorized error
2017-01-03 21:39:24.192 DEBUG 32624 --- [nio-8080-exec-1] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@e0735a1
2017-01-03 21:39:24.192 DEBUG 32624 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2017-01-03 21:39:24.192 DEBUG 32624 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
해결법
-
==============================
1.당신은 그것이 작동되도록하는 일을 다음을 수행해야합니다
당신은 그것이 작동되도록하는 일을 다음을 수행해야합니다
최종 코드는 다음과 같이한다 :
@Configuration @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER) protected class SecurityConfiguration extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http .httpBasic(); http .authorizeRequests() .antMatchers("/index.html", "/home.html", "/login.html", "/").permitAll() .anyRequest().authenticated() .and() .csrf() .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); // @formatter:on http .sessionManagement() .maximumSessions(1) .maxSessionsPreventsLogin(true) .sessionRegistry(sessionRegistry()); } } // Work around https://jira.spring.io/browse/SEC-2855 @Bean public SessionRegistry sessionRegistry() { SessionRegistry sessionRegistry = new SessionRegistryImpl(); return sessionRegistry; } // Register HttpSessionEventPublisher @Bean public static ServletListenerRegistrationBean httpSessionEventPublisher() { return new ServletListenerRegistrationBean(new HttpSessionEventPublisher()); }
from https://stackoverflow.com/questions/41429778/spring-security-logout-and-maximum-sessions by cc-by-sa and MIT license
'SPRING' 카테고리의 다른 글
| [SPRING] 봄 부팅 thymeleaf로 이미지를로드 할 수 없습니다 (0) | 2019.10.04 |
|---|---|
| [SPRING] 어떻게 spring.jpa.hibernate.ddl - 자동 속성을 정확히 봄에서 작동합니까? (0) | 2019.10.03 |
| [SPRING] 실행 항아리에서 실행 스프링 테스트 (0) | 2019.10.03 |
| [SPRING] 어떻게 WebSocket을을 사용하여 MySQL의에서 라이브 알림 업데이트를 얻으려면? (0) | 2019.10.03 |
| [SPRING] ContextRefreshedEvent 봄에 발사 될 때? (0) | 2019.10.03 |