Can I manage multiple browser tabs with Spring Security?

后端未结

关注

 3  880

小鲜肉 2020-12-09 13:00

I wonder if, with Spring Security, I can validate the user sessions, allowing only one browser tab open. Is it possible?

I would also like to know if I can do it, wh

3条回答

一整个雨季 (楼主)

2020-12-09 13:59

I have recently implemented a solution to multiple tabs/windows using Spring Security. For successful login I use `LoginSucessHandler`` and set an unique window name in session. On the main template page I have setup a window name and on each page load verify window name with session's window name, if it is not the same then redirect to the error page.

Below are configurations and code:

@Service
public class LoginSucessHandler extends
        SavedRequestAwareAuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws ServletException, IOException {
        User user = (User) authentication.getPrincipal();
        String windowName = user.getUsername() + new Date().getTime();
        HttpSession session = request.getSession();
        session.setAttribute("windowName", windowName);
        session.setAttribute("windowNameToSet", windowName);
        super.onAuthenticationSuccess(request, response, authentication);
    }

}

Main template or header page:

For security context:

Just make sure that on login.jsp above JavaScript is not included.

0 讨论(0)

查看其它3个回答