Spring Security——集成Spring Session、Redis和JSON序列化解决方案
官方文档
https://docs.spring.io/spring-session/docs/2.4.2/reference/html5/#spring-security
Maven
主要
org.springframework.boot spring-boot-starter-security org.springframework.boot spring-boot-starter-data-redis org.springframework.session spring-session-core org.springframework.session spring-session-data-redis 解决方案
集成Spring Session
Maven
org.springframework.session spring-session-core 配置
/*** @author ShenTuZhiGang* @version 1.0.0* @date 2021-02-16 20:27*/
@Configuration
@EnableSpringHttpSession
public class CustomSpringHttpSessionConfig {@Beanpublic MapSessionRepository sessionRepository() {return new MapSessionRepository(new ConcurrentHashMap<>());}}集成Spring Session Redis
Maven
org.springframework.session spring-session-data-redis
org.springframework.boot spring-boot-starter-data-redis
配置
取消Spring Session配置
/*** @author ShenTuZhiGang* @version 1.0.0* @date 2021-02-16 20:27*/
//@Configuration
//@EnableSpringHttpSession
public class CustomSpringHttpSessionConfig {@Beanpublic MapSessionRepository sessionRepository() {return new MapSessionRepository(new ConcurrentHashMap<>());}}Redis Session配置
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {@Autowiredprivate FindByIndexNameSessionRepository sessionRepository;@Overrideprotected void configure(HttpSecurity http) throws Exception {// @formatter:offhttp// other config goes here....sessionManagement((sessionManagement) -> sessionManagement.maximumSessions(2).sessionRegistry(sessionRegistry()));// @formatter:on}@Beanpublic SpringSessionBackedSessionRegistry sessionRegistry() {return new SpringSessionBackedSessionRegistry<>(this.sessionRepository);}}Session Listener
/*** @author ShenTuZhiGang* @version 1.0.0* @date 2021-02-25 10:45*/
@Configuration
@EnableRedisHttpSession
public class CustomRedisHttpSessionConfig {/*** httpSession的会话监听,*/@Beanpublic HttpSessionEventPublisher httpSessionEventPublisher() {return new HttpSessionEventPublisher();}
}
JSON序列化
Jackson2
Redis配置
/*** @author ShenTuZhiGang* @version 1.0.0* @date 2021-03-16 23:12*/
@Configuration
public class CustomRedisConfig {// private ObjectMapper objectMapper = new ObjectMapper();@Autowiredprivate ObjectMapper objectMapper; //需要另外配置,不是重点,自行配置/*** @see org.springframework.security.jackson2.SecurityJackson2Modules* @return Redis序列化器*/@Beanpublic RedisSerializerRedis Session配置
/*** @author ShenTuZhiGang* @version 1.0.0* @date 2021-02-25 10:45*/
@Configuration
@EnableRedisHttpSession
public class CustomRedisHttpSessionConfig {private final RedisSerializerFastjson
同理,参考:Spring Session Redis最佳实践(3)使用Fastjson替换JDK序列化存储
常见问题
Spring Boot——Spring Session Redis整合Spring Security时错误【RedisConnectionFactory is required】解决方案
Spring Security + Spring Session + Redis——【SecurityContext】和【AuthenticationToken】JSON反序列化问题解决方案
Spring Security + Redis Session——JSON序列化错误[The class xxx and name of xxx is not whitelisted. ]解决方案
参考文章
Spring Session & RedisでJacksonを使ったシリアライズを試してみる
Spring Session + Redis——自定义JSON序列化解决方案
本文来自互联网用户投稿,文章观点仅代表作者本人,不代表本站立场,不承担相关法律责任。如若转载,请注明出处。 如若内容造成侵权/违法违规/事实不符,请点击【内容举报】进行投诉反馈!