官方文檔

https://docs.spring.io/spring-session/docs/2.4.2/reference/html5/#spring-security

Maven

主要

<!--Spring Security--><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency><!--Spring Data Redis--><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-data-redis</artifactId></dependency><!--Spring Session--><dependency><groupId>org.springframework.session</groupId><artifactId>spring-session-core</artifactId></dependency><!--Spring Data Redis Session--><dependency><groupId>org.springframework.session</groupId><artifactId>spring-session-data-redis</artifactId></dependency>

解決方案

集成Spring Session

Maven

<!--Spring Session--><dependency><groupId>org.springframework.session</groupId><artifactId>spring-session-core</artifactId></dependency>

配置?

/*** @author ShenTuZhiGang* @version 1.0.0* @date 2021-02-16 20:27*/ @Configuration @EnableSpringHttpSession public class CustomSpringHttpSessionConfig {@Beanpublic MapSessionRepository sessionRepository() {return new MapSessionRepository(new ConcurrentHashMap<>());}}

集成Spring Session Redis

Maven

<dependency><groupId>org.springframework.session</groupId><artifactId>spring-session-data-redis</artifactId> </dependency> <dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-data-redis</artifactId> </dependency>

配置?

取消Spring Session配置?

/*** @author ShenTuZhiGang* @version 1.0.0* @date 2021-02-16 20:27*/ //@Configuration //@EnableSpringHttpSession public class CustomSpringHttpSessionConfig {@Beanpublic MapSessionRepository sessionRepository() {return new MapSessionRepository(new ConcurrentHashMap<>());}}

Redis Session配置??

@Configuration public class SecurityConfiguration<S extends Session> extends WebSecurityConfigurerAdapter {@Autowiredprivate FindByIndexNameSessionRepository<S> sessionRepository;@Overrideprotected void configure(HttpSecurity http) throws Exception {// @formatter:offhttp// other config goes here....sessionManagement((sessionManagement) -> sessionManagement.maximumSessions(2).sessionRegistry(sessionRegistry()));// @formatter:on}@Beanpublic SpringSessionBackedSessionRegistry<S> sessionRegistry() {return new SpringSessionBackedSessionRegistry<>(this.sessionRepository);}}

Session Listener

/*** @author ShenTuZhiGang* @version 1.0.0* @date 2021-02-25 10:45*/ @Configuration @EnableRedisHttpSession public class CustomRedisHttpSessionConfig {/*** httpSession的會(huì)話監(jiān)聽，*/@Beanpublic HttpSessionEventPublisher httpSessionEventPublisher() {return new HttpSessionEventPublisher();} }

JSON序列化

Jackson2

Redis配置??

/*** @author ShenTuZhiGang* @version 1.0.0* @date 2021-03-16 23:12*/ @Configuration public class CustomRedisConfig {// private ObjectMapper objectMapper = new ObjectMapper();@Autowiredprivate ObjectMapper objectMapper; //需要另外配置，不是重點(diǎn)，自行配置/*** @see org.springframework.security.jackson2.SecurityJackson2Modules* @return Redis序列化器*/@Beanpublic RedisSerializer<Object> redisSerializer(){ObjectMapper om = objectMapper.copy();//om.registerModules(SecurityJackson2Modules.getModules(getClass().getClassLoader()));//om.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);om.registerModule(new CoreJackson2Module());//om.registerModule(new CasJackson2Module());om.registerModule(new WebJackson2Module());om.registerModule(new WebServletJackson2Module());om.registerModule(new WebServerJackson2Module());om.registerModule(new OAuth2ClientJackson2Module());SecurityJackson2Modules.enableDefaultTyping(om);return new GenericJackson2JsonRedisSerializer(om);}@Beanpublic RedisTemplate<Object, Object> redisTemplate(RedisConnectionFactory redisConnectionFactory) {RedisTemplate<Object, Object> redisTemplate = new RedisTemplate<>();redisTemplate.setConnectionFactory(redisConnectionFactory);redisTemplate.setDefaultSerializer(redisSerializer());redisTemplate.afterPropertiesSet();return redisTemplate;} }

Redis Session配置??

/*** @author ShenTuZhiGang* @version 1.0.0* @date 2021-02-25 10:45*/ @Configuration @EnableRedisHttpSession public class CustomRedisHttpSessionConfig {private final RedisSerializer<Object> redisSerializer;public CustomRedisHttpSessionConfig(RedisSerializer<Object> redisSerializer) {this.redisSerializer = redisSerializer;}/*** Spring Session Redis JSON序列化* *注：bean的名稱必須為springSessionDefaultRedisSerializer** @see org.springframework.session.data.redis.config.annotation.web.http.RedisHttpSessionConfiguration*/@Beanpublic RedisSerializer<Object> springSessionDefaultRedisSerializer(){return redisSerializer;}/*** httpSession的會(huì)話監(jiān)聽，*/@Beanpublic HttpSessionEventPublisher httpSessionEventPublisher() {return new HttpSessionEventPublisher();} }

Fastjson

同理，參考：Spring Session Redis最佳實(shí)踐（3）使用Fastjson替換JDK序列化存儲(chǔ)

常見問題

Spring Boot——Spring Session Redis整合Spring Security時(shí)錯(cuò)誤【RedisConnectionFactory is required】解決方案

Spring Security + Spring Session + Redis——【SecurityContext】和【AuthenticationToken】JSON反序列化問題解決方案

Spring Security + Redis Session——JSON序列化錯(cuò)誤[The class xxx and name of xxx is not whitelisted. ]解決方案

參考文章

Spring Session & RedisでJacksonを使ったシリアライズを試してみる

Spring Session + Redis——自定義JSON序列化解決方案

總結(jié)

以上是生活随笔為你收集整理的Spring Security——集成Spring Session、Redis和JSON序列化解决方案的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。