Spring Security 샘플을 참고하여 Spring Boot 애플리케이션에 통합하려고 합니다. 그런데 동시에 두 번 이상 로그인할 수 있습니다. 왜 그럴까요? 아래는 제 SecurityConfig.java이며, Spring Boot 1.3.2.RELEASE와 Spring Security 4.0.3.RELEASE를 사용하고 있습니다.
스프링 부트에서 세션 관리가 작동하지 않습니다
package com.eexcel.branch.config;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;
import com.eexcel.common.service.distributor.DistributorService;
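/**
 * Spring Security configuration for the application.
 *
 * <p>Holds two nested configurations: {@link ApplicationSecurity} defines the HTTP
 * rules (URL authorization, form login, logout, remember-me and a limit of one
 * concurrent session), and {@link AuthenticationManagerConfiguration} wires the
 * user lookup service and password encoder into the authentication manager.
 *
 * <p>NOTE(review): two things the session limit depends on are not visible in this
 * class and should be confirmed elsewhere in the project:
 * <ul>
 *   <li>Concurrent-session control tracks sessions per principal object, so the
 *       {@code UserDetails} returned by {@code DistributorService} presumably needs
 *       {@code equals()}/{@code hashCode()} based on the username. With identity
 *       equality every login would look like a new principal and the limit of 1
 *       would never be reached.</li>
 *   <li>Spring Security documents registering an {@code HttpSessionEventPublisher}
 *       listener so the session registry learns when sessions end. No such bean is
 *       declared here; without one, and with {@code maxSessionsPreventsLogin(true)},
 *       a user whose session timed out may stay locked out.</li>
 * </ul>
 */
@Configuration
@EnableWebSecurity(debug = false)
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class SecurityConfig {

    /**
     * Static resources that are served without authentication.
     *
     * <p>Ant patterns are matched against request paths that begin with {@code /};
     * a pattern without a leading {@code /} never matches, so the favicon pattern
     * starts with {@code /**}.
     *
     * <p>NOTE(review): this array is public, non-final and mutable, so any code can
     * change the allow-list at runtime. Left as declared for compatibility with
     * callers outside this file.
     */
    public static String[] ignoreUrls = { "/css/**", "/js/**", "/images/**",
            "/assets/**", "/**/favicon.ico" };

    /** Pages reserved for visitors who are not logged in (registration and login). */
    public static String[] anonymousUrls = { "/registe**", "/login**" };

    /**
     * HTTP security rules. The order value is the one Spring Boot provides for
     * overriding its default access rules.
     */
    @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
    protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter {

        /**
         * Configures authorization, login/logout, remember-me and session limits.
         *
         * @param http the security builder supplied by Spring Security
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    // Static assets: open to everyone.
                    .antMatchers(ignoreUrls).permitAll()
                    // Login/registration: anonymous() admits only users who are not
                    // authenticated yet.
                    .antMatchers(anonymousUrls).anonymous()
                    // Everything else requires a logged-in user.
                    .anyRequest().authenticated()
                    .and()
                .formLogin()
                    .loginPage("/login")
                    .and()
                .logout()
                    .logoutUrl("/logout")
                    .and()
                // NOTE(review): remember-me is enabled with defaults and no explicit
                // key — confirm the default key handling is acceptable for this
                // deployment (tokens may not survive a restart).
                .rememberMe()
                    .and()
                .sessionManagement()
                    // One session per principal; a second login is refused instead
                    // of expiring the first session.
                    .maximumSessions(1)
                    .maxSessionsPreventsLogin(true)
                    .expiredUrl("/login?expired");
        }
    }

    /**
     * Registers the application's user lookup and password encoding with the global
     * authentication manager. Runs at highest precedence.
     */
    @Order(Ordered.HIGHEST_PRECEDENCE)
    @Configuration
    protected static class AuthenticationManagerConfiguration extends
            GlobalAuthenticationConfigurerAdapter {

        // Injected but not referenced by init() below.
        @Autowired
        private DataSource dataSource;

        @Autowired
        private PasswordEncoder passwordEncoder;

        // Project service used as the UserDetailsService for authentication.
        @Autowired
        private DistributorService userDetailsService;

        /**
         * Points the authentication manager at the injected user service and encoder.
         *
         * @param auth the global authentication builder
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userDetailsService)
                    .passwordEncoder(passwordEncoder);
        }
    }
}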