I am building a REST API and I want to prevent the same user from logging in to the Spring Boot application more than once. My configuration is as follows:
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.cors().and().csrf().disable()
        .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
        .authorizeRequests().antMatchers("/api/auth/**").permitAll()
        .antMatchers("/api/**").permitAll()
        .anyRequest().authenticated()
        .and().httpBasic()
        .and().sessionManagement()
        .maximumSessions(1);
    http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
}
Also, if the user is already logged in, how do I send a response to the front end? Currently I can log in to the application in the same browser using multiple tabs. I want to disable this.
Here is my controller:
@PostMapping("/signin")
public ResponseEntity<?> authenticateUser(@Valid @RequestBody LoginRequest loginRequest) {
    try {
        Optional<User> _user = userRepository.findByUsername(loginRequest.getUsername());
        if (_user.get().isActive()) {
            if (_user.get().isPasswordReset()) {
                return ResponseEntity
                        .badRequest()
                        .body(new MessageResponse("Password Reset Required"));
            } else {
                Authentication authentication = authenticationManager.authenticate(
                        new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword()));
                SecurityContextHolder.getContext().setAuthentication(authentication);
                String jwt = jwtUtils.generateJWTToken(authentication);
                UserDetailsImpl userDetails = (UserDetailsImpl) authentication.getPrincipal();
                List<String> roles = userDetails.getAuthorities().stream()
                        .map(item -> item.getAuthority())
                        .collect(Collectors.toList());
                return ResponseEntity.ok(new JwtResponse(jwt, userDetails.getId(),
                        userDetails.getUsername(),
                        userDetails.getEmail(), roles,
                        userDetails.getCompany().getId()));
            }
        } else {
            return ResponseEntity
                    .badRequest()
                    .body(new MessageResponse("Current user is inactive! Please contact support team"));
        }
    } catch (Exception e) {
        return ResponseEntity
                .badRequest()
                .body(new MessageResponse("Bad credentials"));
    }
}
1 answer
It is not limited to one particular user; it controls the maximum number of sessions for every user:
Reference: https://docs.spring.io/spring-security/site/docs/4.2.7.release/apidocs/org/springframework/security/config/annotation/web/configurers/sessionmanagementconfigurer.html
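One way to get the single-login behaviour the question asks for when authentication is JWT based, as an added example that is not part of the question or the answer: Spring's `maximumSessions(1)` counts `HttpSession` objects, and a stateless JWT filter never creates one, so the rule has to be enforced against the tokens themselves. The registry below, the `jti` claim it relies on and the `HttpStatus.CONFLICT` response in the usage comments are all assumptions, not code from the original post.

```java
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Hypothetical registry (not from the original post): at most one live JWT per username.
 * Assumes every issued token carries a unique "jti" claim that the JWT filter can read.
 * It is in-memory, so it only covers a single application instance; behind a load
 * balancer the same map would have to live in a shared store.
 */
public class SingleSessionRegistry {

    private record Entry(String jti, Instant expiresAt) {}

    private final Map<String, Entry> live = new ConcurrentHashMap<>();

    /**
     * Called from /signin after the password check succeeds. Registers the new token only
     * if the user holds no unexpired token. Returns false when a login is already active,
     * so the controller can answer 409 Conflict instead of issuing a second JWT.
     * compute() makes the check-and-set atomic for two concurrent sign-ins.
     */
    public boolean tryRegister(String username, String jti, Instant expiresAt, Instant now) {
        Entry winner = live.compute(username, (u, cur) ->
                (cur == null || !cur.expiresAt().isAfter(now)) ? new Entry(jti, expiresAt) : cur);
        return winner.jti().equals(jti);
    }

    /** Called from the JWT filter on every request: only the registered, unexpired jti is accepted. */
    public boolean isLive(String username, String jti, Instant now) {
        Entry cur = live.get(username);
        return cur != null && cur.jti().equals(jti) && cur.expiresAt().isAfter(now);
    }

    /** Called from a logout endpoint (or when a token is revoked) so the user can sign in again. */
    public void revoke(String username) {
        live.remove(username);
    }

    // Usage in the controller, right after jwtUtils.generateJWTToken(authentication):
    //   if (!registry.tryRegister(username, jti, expiresAt, Instant.now()))
    //       return ResponseEntity.status(HttpStatus.CONFLICT)
    //                            .body(new MessageResponse("User already logged in"));
    // Usage in authenticationJwtTokenFilter(), after the signature and expiry checks:
    //   if (!registry.isLive(username, jti, Instant.now())) { /* reject with 401 */ }
}
```

The 409 response is what the front end can key on to show an "already logged in" message; without `isLive` in the filter, a second tab that still holds an older token would keep working until that token expired.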