How to avoid concurrent sessions per user in a spring-boot application
Question
A spring-boot application with REST APIs has a login API that generates a token using JWT, but a user can log in multiple times. How can I avoid this scenario?
I tried the following configuration with no luck:
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .antMatchers("/admin/**").hasRole("ADMIN")
            .antMatchers("/user/**").hasAnyRole("USER", "ADMIN")
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .and()
        .logout()
            .logoutSuccessUrl("/login?logout")
            .and()
        .sessionManagement()
            .maximumSessions(1)
                .maxSessionsPreventsLogin(true)
                .expiredUrl("/login?expired")
                .and()
            .sessionFixation()
                .migrateSession();
}
Answer 1
Score: 0
The documentation says that you have to publish the following bean:
@Bean
public HttpSessionEventPublisher httpSessionEventPublisher() {
    return new HttpSessionEventPublisher();
}
Have you tried that?
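An added example, not part of the question or the answer above: `maximumSessions(1)` limits the HTTP sessions that Spring Security tracks, so for tokens issued by a JWT login API one approach is to record a single active token ID per user on the server and check it on every request. `ActiveTokenRegistry` and its methods are hypothetical names, the `jti` claim is assumed to be embedded in each token by the login API, and the code needs Java 16 or later for records.

```java
import java.time.Instant;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper (not a Spring Security class): one active JWT ID (jti) per user.
public class ActiveTokenRegistry {
    private record Entry(String jti, Instant expiresAt) {}

    private final Map<String, Entry> active = new ConcurrentHashMap<>();
    private final boolean preventsLogin; // same meaning as maxSessionsPreventsLogin

    public ActiveTokenRegistry(boolean preventsLogin) { this.preventsLogin = preventsLogin; }

    // Call from the login API before signing; embed the returned value as the "jti" claim.
    public String register(String username, Instant now, Instant expiresAt) {
        String jti = UUID.randomUUID().toString();
        Entry result = active.compute(username, (user, current) -> {
            boolean live = current != null && current.expiresAt().isAfter(now);
            if (live && preventsLogin) return current; // keep the existing login
            return new Entry(jti, expiresAt);          // first login, or replace the older token
        });
        if (!result.jti().equals(jti)) {
            throw new IllegalStateException("User already has an active login: " + username);
        }
        return jti;
    }

    // Call from the JWT filter on every request, after the signature has been validated.
    public boolean isCurrent(String username, String jti, Instant now) {
        Entry e = active.get(username);
        return e != null && e.jti().equals(jti) && e.expiresAt().isAfter(now);
    }

    // Call from the logout API so the user can log in again before the token expires.
    public void logout(String username, String jti) {
        active.computeIfPresent(username, (user, current) -> current.jti().equals(jti) ? null : current);
    }

    public static void main(String[] args) {
        Instant now = Instant.now(); // constructed sample data below
        ActiveTokenRegistry registry = new ActiveTokenRegistry(false);
        // With preventsLogin=false the second login replaces the first,
        // so only the newest jti passes isCurrent.
        String first = registry.register("alice", now, now.plusSeconds(900));
        String second = registry.register("alice", now, now.plusSeconds(900));
        System.out.println(registry.isCurrent("alice", first, now));
        System.out.println(registry.isCurrent("alice", second, now));
    }
}
```

The map here is in-memory; an application running more than one instance would need to keep the same record in a shared store.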