Spring Security——集成Spring Session、Redis和JSON序列化解决方案
解决方案集成Spring Session集成Spring Session RedisJSON序列化常见问题Spring Boot——Spring Session Redis整合Spring Security时错误【RedisConnectionFactory is required】解决方案Spring Security + Spring Session + Redis——【SecurityCon
·
官方文档
https://docs.spring.io/spring-session/docs/2.4.2/reference/html5/#spring-security
Maven
主要
<!--Spring Security-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!--Spring Data Redis-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<!--Spring Session-->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-core</artifactId>
</dependency>
<!--Spring Data Redis Session-->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-redis</artifactId>
</dependency>
解决方案
集成Spring Session
Maven
<!--Spring Session-->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-core</artifactId>
</dependency>
配置
/**
* @author ShenTuZhiGang
* @version 1.0.0
* @date 2021-02-16 20:27
*/
@Configuration
@EnableSpringHttpSession
public class CustomSpringHttpSessionConfig {
@Bean
public MapSessionRepository sessionRepository() {
return new MapSessionRepository(new ConcurrentHashMap<>());
}
}
集成Spring Session Redis
Maven
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-redis</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
配置
取消Spring Session配置
/**
* @author ShenTuZhiGang
* @version 1.0.0
* @date 2021-02-16 20:27
*/
//@Configuration
//@EnableSpringHttpSession
public class CustomSpringHttpSessionConfig {
@Bean
public MapSessionRepository sessionRepository() {
return new MapSessionRepository(new ConcurrentHashMap<>());
}
}
Redis Session配置
@Configuration
public class SecurityConfiguration<S extends Session> extends WebSecurityConfigurerAdapter {
@Autowired
private FindByIndexNameSessionRepository<S> sessionRepository;
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
// other config goes here...
.sessionManagement((sessionManagement) -> sessionManagement
.maximumSessions(2)
.sessionRegistry(sessionRegistry())
);
// @formatter:on
}
@Bean
public SpringSessionBackedSessionRegistry<S> sessionRegistry() {
return new SpringSessionBackedSessionRegistry<>(this.sessionRepository);
}
}
Session Listener
/**
* @author ShenTuZhiGang
* @version 1.0.0
* @date 2021-02-25 10:45
*/
@Configuration
@EnableRedisHttpSession
public class CustomRedisHttpSessionConfig {
/**
* httpSession的会话监听,
*/
@Bean
public HttpSessionEventPublisher httpSessionEventPublisher() {
return new HttpSessionEventPublisher();
}
}
JSON序列化
Jackson2
Redis配置
/**
* @author ShenTuZhiGang
* @version 1.0.0
* @date 2021-03-16 23:12
*/
@Configuration
public class CustomRedisConfig {
// private ObjectMapper objectMapper = new ObjectMapper();
@Autowired
private ObjectMapper objectMapper; //需要另外配置,不是重点,自行配置
/**
* @see org.springframework.security.jackson2.SecurityJackson2Modules
* @return Redis序列化器
*/
@Bean
public RedisSerializer<Object> redisSerializer(){
ObjectMapper om = objectMapper.copy();
//om.registerModules(SecurityJackson2Modules.getModules(getClass().getClassLoader()));
//om.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
om.registerModule(new CoreJackson2Module());
//om.registerModule(new CasJackson2Module());
om.registerModule(new WebJackson2Module());
om.registerModule(new WebServletJackson2Module());
om.registerModule(new WebServerJackson2Module());
om.registerModule(new OAuth2ClientJackson2Module());
SecurityJackson2Modules.enableDefaultTyping(om);
return new GenericJackson2JsonRedisSerializer(om);
}
@Bean
public RedisTemplate<Object, Object> redisTemplate(RedisConnectionFactory redisConnectionFactory) {
RedisTemplate<Object, Object> redisTemplate = new RedisTemplate<>();
redisTemplate.setConnectionFactory(redisConnectionFactory);
redisTemplate.setDefaultSerializer(redisSerializer());
redisTemplate.afterPropertiesSet();
return redisTemplate;
}
}
Redis Session配置
/**
* @author ShenTuZhiGang
* @version 1.0.0
* @date 2021-02-25 10:45
*/
@Configuration
@EnableRedisHttpSession
public class CustomRedisHttpSessionConfig {
private final RedisSerializer<Object> redisSerializer;
public CustomRedisHttpSessionConfig(RedisSerializer<Object> redisSerializer) {
this.redisSerializer = redisSerializer;
}
/**
* Spring Session Redis JSON序列化
* *注:bean的名称必须为springSessionDefaultRedisSerializer
*
* @see org.springframework.session.data.redis.config.annotation.web.http.RedisHttpSessionConfiguration
*/
@Bean
public RedisSerializer<Object> springSessionDefaultRedisSerializer(){
return redisSerializer;
}
/**
* httpSession的会话监听,
*/
@Bean
public HttpSessionEventPublisher httpSessionEventPublisher() {
return new HttpSessionEventPublisher();
}
}
Fastjson
同理,参考:Spring Session Redis最佳实践(3)使用Fastjson替换JDK序列化存储
常见问题
Spring Boot——Spring Session Redis整合Spring Security时错误【RedisConnectionFactory is required】解决方案
Spring Security + Spring Session + Redis——【SecurityContext】和【AuthenticationToken】JSON反序列化问题解决方案
Spring Security + Redis Session——JSON序列化错误[The class xxx and name of xxx is not whitelisted. ]解决方案
参考文章
更多推荐
已为社区贡献13条内容
所有评论(0)