本文探讨了Springboot结合SpringSecurity进行权限控制时,如何实现账号会话管理限制以及处理403无权限访问的方案。包括MySessionInformationExpiredStrategy、WebSecurityConfig的配置,以及针对匿名用户和已认证用户的异常处理策略,如GlobalExceptionHandler、AuthenticationEntryPoint和AccessDeineHandler的设置。
限制账号的会话管理方案
MySessionInformationExpiredStrategy
package com.jiangzhu.auth;
import com.jiangzhu.api.Result;
import com.jiangzhu.api.ResultCode;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.web.session.SessionInformationExpiredEvent;
import org.springframework.security.web.session.SessionInformationExpiredStrategy;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* 账号被挤下线的处理方案
*/
@Component
public class MySessionInformationExpiredStrategy extends JSONAuthentication implements SessionInformationExpiredStrategy {
@Override
public void onExpiredSessionDetected(SessionInformationExpiredEvent sessionInformationExpiredEvent) throws IOException, ServletException {
//生成request
HttpServletRequest request = sessionInformationExpiredEvent.getRequest();
//生成response
HttpServletResponse response = sessionInformationExpiredEvent.getResponse();
Result result=Result.error(ResultCode.USER_ACCOUNT_USE_BY_OTHERS);
this.WriteJSON(request,response,result);
}
}
WebSecurityConfig
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true,prePostEnabled = true) //
最低0.47元/天 解锁文章
281
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
