Spring sessionRegistry 给出零登录用户的列表
Spring sessionRegistry gives list of zero logged in users
我参考这篇文章写了一个登录页面
Krams tutorial
但是我根据最新的文档更改了sessionRegistry配置
我得到的主体列表为 0。
这是我的配置文件
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- DispatcherServlet Context: defines this servlet's request-processing
infrastructure -->
<!-- Enables the Spring MVC @Controller programming model -->
<mvc:annotation-driven />
<!-- Handles HTTP GET requests for /resources/** by efficiently serving
up static resources in the ${webappRoot}/resources directory -->
<!-- <mvc:resources mapping="/resources/**" location="/resources/" /> -->
<!-- Resolves views selected for rendering by @Controllers to .jsp resources
in the /WEB-INF/views directory -->
<beans:bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<beans:property name="prefix" value="/WEB-INF/views/" />
<beans:property name="suffix" value=".jsp" />
</beans:bean>
<context:component-scan base-package="com.project.session" />
<security:http auto-config="false" entry-point-ref="authenticationEntryPoint" use-expressions="true" >
<security:intercept-url pattern="/krams/auth/login" access="permitAll" />
<security:intercept-url pattern="/krams/main/admin" access="hasRole('ROLE_ADMIN')" />
<security:intercept-url pattern="/krams/main/common" access="hasRole('ROLE_USER')" />
<security:intercept-url pattern="/krams/main/users" access="hasRole('ROLE_USER')" />
<security:logout
invalidate-session="true"
logout-success-url="/krams/auth/login"
logout-url="/krams/auth/logout" />
<security:custom-filter position="FORM_LOGIN_FILTER" ref="myAuthFilter" />
<security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<security:session-management session-authentication-strategy-ref="sas" />
</security:http>
<beans:bean id="myAuthFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="sessionAuthenticationStrategy"
ref="sas" />
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="authenticationSuccessHandler"
ref="customAuthenticationSuccessHandler" />
<beans:property name="authenticationFailureHandler"
ref="customAuthenticationFailureHandler" />
</beans:bean>
<beans:bean id="customAuthenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/krams/auth/login?error=true"></beans:property>
</beans:bean>
<beans:bean id="customAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/krams/main/common"></beans:property>
</beans:bean>
<beans:bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
<beans:property name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="expiredUrl" value="/krams/auth/session-expired" />
</beans:bean>
<beans:bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/krams/auth/login"></beans:property>
</beans:bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider user-service-ref="myUserDetailService">
<!-- <security:password-encoder hash="sha" /> -->
</security:authentication-provider>
</security:authentication-manager>
<security:user-service id="myUserDetailService">
<security:user name="john" password="admin1234"
authorities="ROLE_USER" />
<security:user name="jane" password="admin1234"
authorities="ROLE_USER" />
</security:user-service>
<!-- <beans:bean id="sas" class="org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy">
<beans:constructor-arg>
<beans:list>
<beans:bean
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy">
<beans:constructor-arg ref="sessionRegistry" />
<beans:property name="maximumSessions" value="1" />
<beans:property name="exceptionIfMaximumExceeded"
value="true" />
</beans:bean>
<beans:bean
class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy">
</beans:bean>
<beans:bean
class="org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy">
<beans:constructor-arg ref="sessionRegistry" />
</beans:bean>
</beans:list>
</beans:constructor-arg>
</beans:bean> -->
<beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<beans:property name = "maximumSessions" value="-1" />
<beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
</beans:bean>
<beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
</beans:beans>
这是我在控制器中使用它的方式
@Autowired
@Qualifier("sessionRegistry")
private SessionRegistry sessionRegistry;
/**
* Handles and retrieves list of logged-in users as JSP view
*
* @return the name of the JSP page
*/
@RequestMapping(value = "/users", method = RequestMethod.GET)
public String getUsersPage(Model model) {
logger.debug("Received request to show users page");
logger.debug("Total logged-in users: " + sessionRegistry.getAllPrincipals().size());
System.out.println("Total logged-in users: " + sessionRegistry.getAllPrincipals().size());
logger.debug("List of logged-in users: ");
System.out.println("List of logged-in users: ");
for (Object username: sessionRegistry.getAllPrincipals()) {
logger.debug((String) username);
System.out.println("names " + (String) username);
}
if(sessionRegistry.getAllPrincipals().size() == 0)
return "userspage";
logger.debug("Total sessions including expired ones: " + sessionRegistry.getAllSessions(sessionRegistry.getAllPrincipals().get(0), true).size());
logger.debug("Total sessions: " + sessionRegistry.getAllSessions(sessionRegistry.getAllPrincipals().get(0), false).size());
// Attach to model list of users and granted authorities
model.addAttribute("users", sessionRegistry.getAllPrincipals());
model.addAttribute("total", sessionRegistry.getAllPrincipals().size());
// This will resolve to /WEB-INF/jsp/userspage.jsp
return "userspage";
}
这里是web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml,/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/krams/*</url-pattern>
</servlet-mapping>
谁能告诉我我哪里出错了?
是否有任何配置丢失或错误?
您的 ContextLoaderListener 和 DispatcherServlet 正在加载相同的配置。这会导致加载整个应用程序两次,进而导致您的 Spring 安全性使用与控制器不同的 SessionRegistry 实例,后者始终为空。
您应该将您的配置拆分为一个由 ContextLoaderListener 加载的配置和一个由 DispatcherServlet 加载的配置。
ContextLoaderListener 应该包含所有全局内容,例如服务、存储库、基础结构 bean(数据源、连接工厂等)和您的安全配置。另外我要说的是,您当前的配置非常多,只需使用 security 命名空间即可实现相同的配置。考虑到这一点,配置应如下所示。
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<context:component-scan base-package="com.project.session">
<context:exclude-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
</context:component-scan>
<security:http use-expressions="true">
<security:intercept-url pattern="/krams/auth/login" access="permitAll"/>
<security:intercept-url pattern="/krams/main/admin" access="hasRole('ROLE_ADMIN')"/>
<security:intercept-url pattern="/krams/main/common" access="hasRole('ROLE_USER')"/>
<security:intercept-url pattern="/krams/main/users" access="hasRole('ROLE_USER')"/>
<security:form-login login-page="/krams/auth/login"
default-target-url="/krams/main/common"
authentication-failure-url="/krams/auth/login?error=true"/>
<security:logout invalidate-session="true" logout-success-url="/krams/auth/login"
logout-url="/krams/auth/logout"/>
<security:session-management>
<security:concurrency-control max-sessions="1" session-registry-alias="sessionRegistry" expired-url="/krams/auth/session-expired"/>
</security:session-management>
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:user-service>
<security:user name="john" password="admin1234" authorities="ROLE_USER"/>
<security:user name="jane" password="admin1234" authorities="ROLE_USER"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
您的 DispatcherServlet 配置应该只加载与 Web 相关的 bean,如控制器、视图解析器等。应该如下所示
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<!-- DispatcherServlet Context: defines this servlet's request-processing
infrastructure -->
<!-- Enables the Spring MVC @Controller programming model -->
<mvc:annotation-driven />
<!-- Handles HTTP GET requests for /resources/** by efficiently serving
up static resources in the ${webappRoot}/resources directory -->
<!-- <mvc:resources mapping="/resources/**" location="/resources/" /> -->
<!-- Resolves views selected for rendering by @Controllers to .jsp resources
in the /WEB-INF/views directory -->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/views/" />
<property name="suffix" value=".jsp" />
</bean>
<context:component-scan base-package="com.project.session" use-default-filters="false">
<context:include-filter type="annotation" expression="org.springframework.stereotype.Controller" />
</context:component-scan>
</beans>
这将导致您的 bean 被加载一次并且您的控制器应该获得正确的 SessionRegistry 实例。
我参考这篇文章写了一个登录页面 Krams tutorial
但是我根据最新的文档更改了sessionRegistry配置
我得到的主体列表为 0。
这是我的配置文件
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- DispatcherServlet Context: defines this servlet's request-processing
infrastructure -->
<!-- Enables the Spring MVC @Controller programming model -->
<mvc:annotation-driven />
<!-- Handles HTTP GET requests for /resources/** by efficiently serving
up static resources in the ${webappRoot}/resources directory -->
<!-- <mvc:resources mapping="/resources/**" location="/resources/" /> -->
<!-- Resolves views selected for rendering by @Controllers to .jsp resources
in the /WEB-INF/views directory -->
<beans:bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<beans:property name="prefix" value="/WEB-INF/views/" />
<beans:property name="suffix" value=".jsp" />
</beans:bean>
<context:component-scan base-package="com.project.session" />
<security:http auto-config="false" entry-point-ref="authenticationEntryPoint" use-expressions="true" >
<security:intercept-url pattern="/krams/auth/login" access="permitAll" />
<security:intercept-url pattern="/krams/main/admin" access="hasRole('ROLE_ADMIN')" />
<security:intercept-url pattern="/krams/main/common" access="hasRole('ROLE_USER')" />
<security:intercept-url pattern="/krams/main/users" access="hasRole('ROLE_USER')" />
<security:logout
invalidate-session="true"
logout-success-url="/krams/auth/login"
logout-url="/krams/auth/logout" />
<security:custom-filter position="FORM_LOGIN_FILTER" ref="myAuthFilter" />
<security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<security:session-management session-authentication-strategy-ref="sas" />
</security:http>
<beans:bean id="myAuthFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="sessionAuthenticationStrategy"
ref="sas" />
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="authenticationSuccessHandler"
ref="customAuthenticationSuccessHandler" />
<beans:property name="authenticationFailureHandler"
ref="customAuthenticationFailureHandler" />
</beans:bean>
<beans:bean id="customAuthenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/krams/auth/login?error=true"></beans:property>
</beans:bean>
<beans:bean id="customAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/krams/main/common"></beans:property>
</beans:bean>
<beans:bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
<beans:property name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="expiredUrl" value="/krams/auth/session-expired" />
</beans:bean>
<beans:bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/krams/auth/login"></beans:property>
</beans:bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider user-service-ref="myUserDetailService">
<!-- <security:password-encoder hash="sha" /> -->
</security:authentication-provider>
</security:authentication-manager>
<security:user-service id="myUserDetailService">
<security:user name="john" password="admin1234"
authorities="ROLE_USER" />
<security:user name="jane" password="admin1234"
authorities="ROLE_USER" />
</security:user-service>
<!-- <beans:bean id="sas" class="org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy">
<beans:constructor-arg>
<beans:list>
<beans:bean
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy">
<beans:constructor-arg ref="sessionRegistry" />
<beans:property name="maximumSessions" value="1" />
<beans:property name="exceptionIfMaximumExceeded"
value="true" />
</beans:bean>
<beans:bean
class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy">
</beans:bean>
<beans:bean
class="org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy">
<beans:constructor-arg ref="sessionRegistry" />
</beans:bean>
</beans:list>
</beans:constructor-arg>
</beans:bean> -->
<beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<beans:property name = "maximumSessions" value="-1" />
<beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
</beans:bean>
<beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
</beans:beans>
这是我在控制器中使用它的方式
@Autowired
@Qualifier("sessionRegistry")
private SessionRegistry sessionRegistry;
/**
* Handles and retrieves list of logged-in users as JSP view
*
* @return the name of the JSP page
*/
@RequestMapping(value = "/users", method = RequestMethod.GET)
public String getUsersPage(Model model) {
logger.debug("Received request to show users page");
logger.debug("Total logged-in users: " + sessionRegistry.getAllPrincipals().size());
System.out.println("Total logged-in users: " + sessionRegistry.getAllPrincipals().size());
logger.debug("List of logged-in users: ");
System.out.println("List of logged-in users: ");
for (Object username: sessionRegistry.getAllPrincipals()) {
logger.debug((String) username);
System.out.println("names " + (String) username);
}
if(sessionRegistry.getAllPrincipals().size() == 0)
return "userspage";
logger.debug("Total sessions including expired ones: " + sessionRegistry.getAllSessions(sessionRegistry.getAllPrincipals().get(0), true).size());
logger.debug("Total sessions: " + sessionRegistry.getAllSessions(sessionRegistry.getAllPrincipals().get(0), false).size());
// Attach to model list of users and granted authorities
model.addAttribute("users", sessionRegistry.getAllPrincipals());
model.addAttribute("total", sessionRegistry.getAllPrincipals().size());
// This will resolve to /WEB-INF/jsp/userspage.jsp
return "userspage";
}
这里是web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml,/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/krams/*</url-pattern>
</servlet-mapping>
谁能告诉我我哪里出错了? 是否有任何配置丢失或错误?
您的 ContextLoaderListener 和 DispatcherServlet 正在加载相同的配置。这会导致加载整个应用程序两次,进而导致您的 Spring 安全性使用与控制器不同的 SessionRegistry 实例,后者始终为空。
您应该将您的配置拆分为一个由 ContextLoaderListener 加载的配置和一个由 DispatcherServlet 加载的配置。
ContextLoaderListener 应该包含所有全局内容,例如服务、存储库、基础结构 bean(数据源、连接工厂等)和您的安全配置。另外我要说的是,您当前的配置非常多,只需使用 security 命名空间即可实现相同的配置。考虑到这一点,配置应如下所示。
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<context:component-scan base-package="com.project.session">
<context:exclude-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
</context:component-scan>
<security:http use-expressions="true">
<security:intercept-url pattern="/krams/auth/login" access="permitAll"/>
<security:intercept-url pattern="/krams/main/admin" access="hasRole('ROLE_ADMIN')"/>
<security:intercept-url pattern="/krams/main/common" access="hasRole('ROLE_USER')"/>
<security:intercept-url pattern="/krams/main/users" access="hasRole('ROLE_USER')"/>
<security:form-login login-page="/krams/auth/login"
default-target-url="/krams/main/common"
authentication-failure-url="/krams/auth/login?error=true"/>
<security:logout invalidate-session="true" logout-success-url="/krams/auth/login"
logout-url="/krams/auth/logout"/>
<security:session-management>
<security:concurrency-control max-sessions="1" session-registry-alias="sessionRegistry" expired-url="/krams/auth/session-expired"/>
</security:session-management>
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:user-service>
<security:user name="john" password="admin1234" authorities="ROLE_USER"/>
<security:user name="jane" password="admin1234" authorities="ROLE_USER"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
您的 DispatcherServlet 配置应该只加载与 Web 相关的 bean,如控制器、视图解析器等。应该如下所示
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<!-- DispatcherServlet Context: defines this servlet's request-processing
infrastructure -->
<!-- Enables the Spring MVC @Controller programming model -->
<mvc:annotation-driven />
<!-- Handles HTTP GET requests for /resources/** by efficiently serving
up static resources in the ${webappRoot}/resources directory -->
<!-- <mvc:resources mapping="/resources/**" location="/resources/" /> -->
<!-- Resolves views selected for rendering by @Controllers to .jsp resources
in the /WEB-INF/views directory -->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/views/" />
<property name="suffix" value=".jsp" />
</bean>
<context:component-scan base-package="com.project.session" use-default-filters="false">
<context:include-filter type="annotation" expression="org.springframework.stereotype.Controller" />
</context:component-scan>
</beans>
这将导致您的 bean 被加载一次并且您的控制器应该获得正确的 SessionRegistry 实例。