【Question Title】: many session endpoints under cookies tab
【Posted】: 2020-10-12 00:26:44
【Question Description】:

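We have a Spring MVC application, and I think there is some misconfiguration in session or cookie management. Basically, we have configuration for resources, session configuration, and security.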

XML configuration:

<security:http auto-config="false" use-expressions="true"
                   disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"
                   create-session="ifRequired">
        <security:headers>
            <security:frame-options policy="SAMEORIGIN"/>
        </security:headers>
        <security:csrf disabled="true"/>
        <security:custom-filter ref="sessionFilter" before="SESSION_MANAGEMENT_FILTER" />
        <security:custom-filter before="PRE_AUTH_FILTER" ref="openIdConnectAuthenticationFilter" />

        <security:intercept-url pattern="/resources/**" access="permitAll()"/>
        ...
</security:http>   

Session filter:

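// javax.servlet (Servlet 3.0+) namespace assumed
import java.io.IOException;
import java.util.Arrays;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SessionFilter implements Filter {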

    private boolean httpOnly=false;
    private boolean secure=false;

    public SessionFilter(boolean httpOnly, boolean secure) {
        this.httpOnly = httpOnly;
        this.secure = secure;
    }

    public SessionFilter() {
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void doFilter(
            ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        Cookie[] allCookies = req.getCookies();

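        // Skip requests without cookies and requests from the health-check client
        if (allCookies != null && !"self-health-check".equals(req.getHeader("User-Agent"))) {
            Cookie session =
                    Arrays.stream(allCookies).filter(x -> x.getName().equals("JSESSIONID"))
                            .findFirst().orElse(null);

            // Re-add the JSESSIONID cookie with the configured HttpOnly/Secure flags
            if (session != null) {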
                session.setHttpOnly(httpOnly);
                session.setSecure(secure);
                res.addCookie(session);
            }
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {

    }
}

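The customer is asking this question: why are there so many session endpoints? I don't know whether this is normal or not. Please help!

【Question Discussion】:

    Tags: spring spring-mvc session cookies resources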


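    【Solution 1】:

    A few months later I found the solution. The problem was not in my Spring MVC configuration but in the web.xml configuration. We needed to add a tracking-mode setting: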

    <session-config>
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>
    

    【Discussion】:
