SpringCloud-無狀態Session配置方法一
阿新 • • 發佈:2018-12-04
1、需求
rest客戶端訪問rest服務端預設狀態的配置策略是:無狀態的;
假如預設配置策略不是無狀態配置,則需要配置為無狀態;
若不配置無狀態,則rest服務端會爆掉,堆積海量的sessionId;
2、Session狀態策略:org.springframework.security.config.http.SessionCreationPolicy
public enum SessionCreationPolicy { /** Always create an {@link HttpSession} */ ALWAYS, /** * Spring Security will never create an {@link HttpSession}, but will use the * {@link HttpSession} if it already exists */ NEVER, /** Spring Security will only create an {@link HttpSession} if required */ IF_REQUIRED, /** * Spring Security will never create an {@link HttpSession} and it will never use it * to obtain the {@link SecurityContext} */ STATELESS }
3、程式配置如下:
package com.zemel.security.config; import javax.annotation.Resource; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Resource public void configGloabl(AuthenticationManagerBuilder auth)throws Exception{ auth.inMemoryAuthentication().withUser("wendy").password("wendy").roles("USER") .and().withUser("admin").password("hello").roles("USER", "ADMIN"); } @Override protected void configure(HttpSecurity http) throws Exception { // 表示所有的訪問都必須認證,認證處理後才可以正常進行 http.httpBasic().and().authorizeRequests().anyRequest().fullyAuthenticated(); // 所有的rest服務一定要設定為無狀態,以提升操作效率和效能 http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); } }
4、配置檔案配置session策略
security.sessions: stateless