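You need to do the following to make it work:
According to https://github.com/spring-projects/spring-security/issues/3078, you need to explicitly provide the session registry as a workaround for this issue. (This step is optional. I think it has been fixed in the latest version. If the feature does not work, you can add this step.)
Spring Security needs an HttpSessionListener to be registered.
Your final code should look like this: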
```java
@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
protected class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http
            .httpBasic();
        http
            .authorizeRequests()
                .antMatchers("/index.html", "/home.html", "/login.html", "/").permitAll()
                .anyRequest().authenticated()
                .and()
            .csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
        // @formatter:on
        // Allow one session per user and reject a second login instead of
        // expiring the first session.
        http
            .sessionManagement()
                .maximumSessions(1)
                .maxSessionsPreventsLogin(true)
                .sessionRegistry(sessionRegistry());
    }
}

// Work around https://jira.spring.io/browse/SEC-2855
@Bean
public SessionRegistry sessionRegistry() {
    SessionRegistry sessionRegistry = new SessionRegistryImpl();
    return sessionRegistry;
}

// Register HttpSessionEventPublisher so that session-destroyed events reach
// the session registry.
@Bean
public static ServletListenerRegistrationBean<HttpSessionEventPublisher> httpSessionEventPublisher() {
    return new ServletListenerRegistrationBean<>(new HttpSessionEventPublisher());
}
```
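The following added example (not part of the original answer) shows why the listener matters when maxSessionsPreventsLogin(true) is set: a session that ends without the registry being told keeps counting against the limit, so the user stays locked out. It assumes spring-security-core is on the classpath; the class name, the newLoginRefused helper (a simplified model of the concurrency check) and the sample values are hypothetical.

```java
import java.util.List;
import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;

public class SessionRegistryLockoutDemo {

    // Simplified model (an assumption, not Spring's own code) of the decision
    // taken with maximumSessions(n) and maxSessionsPreventsLogin(true): a login
    // from a new session is refused once the registry already holds n
    // non-expired sessions for the principal.
    static boolean newLoginRefused(SessionRegistry registry, Object principal, int maxSessions) {
        List<SessionInformation> live = registry.getAllSessions(principal, false);
        return live.size() >= maxSessions;
    }

    public static void main(String[] args) {
        SessionRegistry registry = new SessionRegistryImpl();
        String user = "alice";              // constructed sample principal
        String firstSession = "SESSION-1";  // constructed sample session id

        // First login: the session is recorded in the registry.
        registry.registerNewSession(firstSession, user);
        System.out.println("while session 1 is active, second login refused: "
                + newLoginRefused(registry, user, 1));

        // The container destroys session 1 (timeout, closed browser). Without
        // HttpSessionEventPublisher nothing informs the registry, so its state
        // is unchanged and the user is still locked out.
        System.out.println("session 1 gone, no listener, login refused: "
                + newLoginRefused(registry, user, 1));

        // With HttpSessionEventPublisher registered, the session-destroyed
        // event reaches the registry and the entry is removed. The direct call
        // below stands in for that event handling.
        registry.removeSessionInformation(firstSession);
        System.out.println("session 1 gone, registry updated, login refused: "
                + newLoginRefused(registry, user, 1));
    }
}
```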


