我们有一个集群的tomcat环境,其中有两个节点(trunk-n1和trunk-n2),每个节点都有apache和tomcat实例,在以下情况下会出现问题
https://trunk/PP指向节点trunk-n1和trunk-n2节点的负载均衡器URL ,当两个节点都启动并且用户登录到应用程序时,如果用户位于N1上并且当我们将N1节点关闭时,负载分配器分配一个节点(假设为N1)。无缝重定向到N2,但有时用户会注销
https://trunk/PP
trunk-n1
trunk-n2
以下是用于上述情况的无缝重定向的请求标头和Spring Security调试日志
Headers when user is on N1 Request Headers: GET /PP/core/images/icons/cross.png HTTP/1.1 Host: trunk:443 Accept: image/webp,image/*,*/*;q=0.8 Accept-Encoding: gzip, deflate, sdch Accept-Language: en-US,en;q=0.8 Cookie: sessionIdForCognos=ADB5D9EC2AF7FC0B04795E066C429E97.trunk-n1 Referer: https://trunk/PP/core/css/icons.css User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 Response Headers: HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Connection: Keep-Alive Content-Length: 655 Content-Type: image/png Date: Wed, 06 Apr 2016 17:31:19 GMT ETag: "28f-5234b6e15e000" Expires: Sat, 04 Apr 2026 17:31:19 GMT Keep-Alive: timeout=70, max=97 Last-Modified: Fri, 30 Oct 2015 05:09:20 GMT Server: None Strict-Transport-Security: max-age=63072000; includeSubdomains; preload X-UA-Compatible: IE=9 Headers when N1 took and redirected to N2 Request Headers: GET /PP/timeout.do?ajax=true&_=1459963879470 HTTP/1.1 Host: trunk:443 Accept: application/json, text/javascript, */*; q=0.01 Accept-Encoding: gzip, deflate, sdch Accept-Language: en-US,en;q=0.8 Cache-Control: no-cache Cookie: WebDAV.activeX=false; JSESSIONID=ADB5D9EC2AF7FC0B04795E066C429E97.trunk-n1; sessionIdForCognos=ADB5D9EC2AF7FC0B04795E066C429E97.trunk-n1 Referer: https://trunk/PP/enduser/listscreens/show.do?screenName=Lawfirm%20Invoice%20Parcels User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 X-Requested-With: XMLHttpRequest Response Headers: HTTP/1.1 200 OK Connection: Keep-Alive Content-Encoding: gzip Content-Length: 74 Content-Type: text/html;charset=UTF-8 Date: Wed, 06 Apr 2016 17:32:01 GMT Keep-Alive: timeout=70, max=95 Server: None Set-Cookie: sessionIdForCognos=ADB5D9EC2AF7FC0B04795E066C429E97.trunk-n2; Path=/; Secure; HttpOnly Set-Cookie: JSESSIONID=ADB5D9EC2AF7FC0B04795E066C429E97.trunk-n2; Path=/PP; Secure; HttpOnly Strict-Transport-Security: max-age=63072000; includeSubdomains; preload Vary: Accept-Encoding X-FRAME-OPTIONS: SAMEORIGIN X-UA-Compatible: IE=9 App log from N2 ------------------------ [Apr 06 17:31:52,233] DEBUG | org.springframework.security.web.context.SecurityContextPersistenceFilter | | kJWPdVD9IUVz | SecurityContextHolder now cleared, as request processing completed [Apr 06 17:32:02,175] DEBUG | org.springframework.security.web.FilterChainProxy | | kJWPdVD9IUVz | /timeout.do?ajax=true&_=1459963879470 at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' [Apr 06 17:32:02,177] DEBUG | org.springframework.security.web.context.HttpSessionSecurityContextRepository | | kJWPdVD9IUVz | Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@9caf2e44: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@9caf2e44: Principal: org.springframework.security.core.userdetails.User@536a6fad: Username: user1@dc.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Not granted any authorities; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 1.1.1.1; SessionId: CB186F4366D029B81933B16BD7E4F9A4.trunk-n1; Not granted any authorities' [Apr 06 17:32:02,201] DEBUG | org.springframework.security.web.FilterChainProxy | user1@dc.com | kJWPdVD9IUVz | /timeout.do?ajax=true&_=1459963879470 at position 2 of 13 in additional filter chain; firing Filter: 'WelcomePageRedirectFilter' [Apr 06 17:32:02,201] DEBUG | org.springframework.security.web.FilterChainProxy | user1@dc.com | kJWPdVD9IUVz | /timeout.do?ajax=true&_=1459963879470 at position 3 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' [Apr 06 17:32:02,201] DEBUG | org.springframework.security.web.FilterChainProxy | user1@dc.com | kJWPdVD9IUVz | /timeout.do?ajax=true&_=1459963879470 at position 4 of 13 in additional filter chain; firing Filter: 'InternalAuthenticationFilter' [Apr 06 17:32:02,202] DEBUG | org.springframework.security.web.FilterChainProxy | user1@dc.com | kJWPdVD9IUVz | /timeout.do?ajax=true&_=1459963879470 at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter' [Apr 06 17:32:02,202] DEBUG | org.springframework.security.web.FilterChainProxy | user1@dc.com | kJWPdVD9IUVz | /timeout.do?ajax=true&_=1459963879470 at position 6 of 13 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' [Apr 06 17:32:02,203] DEBUG | org.springframework.security.web.FilterChainProxy | user1@dc.com | kJWPdVD9IUVz | /timeout.do?ajax=true&_=1459963879470 at position 7 of 13 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' [Apr 06 17:32:02,203] DEBUG | org.springframework.security.web.FilterChainProxy | user1@dc.com | kJWPdVD9IUVz | /timeout.do?ajax=true&_=1459963879470 at position 8 of 13 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' [Apr 06 17:32:02,203] DEBUG | org.springframework.security.web.FilterChainProxy | user1@dc.com | kJWPdVD9IUVz | /timeout.do?ajax=true&_=1459963879470 at position 9 of 13 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' [Apr 06 17:32:02,203] DEBUG | org.springframework.security.web.FilterChainProxy | user1@dc.com | kJWPdVD9IUVz | /timeout.do?ajax=true&_=1459963879470 at position 10 of 13 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' [Apr 06 17:32:02,203] DEBUG | org.springframework.security.web.authentication.AnonymousAuthenticationFilter | user1@dc.com | kJWPdVD9IUVz | SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@9caf2e44: Principal: org.springframework.security.core.userdetails.User@536a6fad: Username: user1@dc.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Not granted any authorities; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 1.1.1.1; SessionId: CB186F4366D029B81933B16BD7E4F9A4.trunk-n1; Not granted any authorities' [Apr 06 17:32:02,204] DEBUG | org.springframework.security.web.FilterChainProxy | user1@dc.com | kJWPdVD9IUVz | /timeout.do?ajax=true&_=1459963879470 at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter' [Apr 06 17:32:02,204] DEBUG | org.springframework.security.web.FilterChainProxy | user1@dc.com | kJWPdVD9IUVz | /timeout.do?ajax=true&_=1459963879470 at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' [Apr 06 17:32:02,204] DEBUG | org.springframework.security.web.FilterChainProxy | user1@dc.com | kJWPdVD9IUVz | /timeout.do?ajax=true&_=1459963879470 at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
退出用户重定向失败
Headers when user is on N2 Request Headers: GET /PP/core/images/icons/pencil.png HTTP/1.1 Host: trunk:443 Accept: image/webp,image/*,*/*;q=0.8 Accept-Encoding: gzip, deflate, sdch Accept-Language: en-US,en;q=0.8 Cookie: sessionIdForCognos=46A37357A369A1065184EDDA3AE0ED0C.trunk-n2 Referer: https://trunk/PP/core/css/icons.css User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 Response Headers: HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Connection: Keep-Alive Content-Length: 450 Content-Type: image/png Date: Wed, 06 Apr 2016 16:26:12 GMT ETag: "1c2-5234b6e15e000" Expires: Sat, 04 Apr 2026 16:26:12 GMT Keep-Alive: timeout=70, max=86 Last-Modified: Fri, 30 Oct 2015 05:09:20 GMT Server: None Strict-Transport-Security: max-age=63072000; includeSubdomains; preload X-UA-Compatible: IE=9 Headers when N2 is down and redirected to N1 Request Headers: GET /PP/j_spring_security_logout?ajax=true&_=1459959972331 HTTP/1.1 Host: trunk:443 Accept: application/json, text/javascript, */*; q=0.01 Accept-Encoding: gzip, deflate, sdch Accept-Language: en-US,en;q=0.8 Cache-Control: no-cache Cookie: WebDAV.activeX=false; JSESSIONID=46A37357A369A1065184EDDA3AE0ED0C.trunk-n2; sessionIdForCognos=46A37357A369A1065184EDDA3AE0ED0C.trunk-n2 Referer: https://trunk/PP/enduser/listscreens/show.do?screenName=Lawfirm%20Invoice%20Parcels User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 X-Requested-With: XMLHttpRequest Response Headers: HTTP/1.1 302 Found Connection: Keep-Alive Content-Length: 0 Date: Wed, 06 Apr 2016 16:27:29 GMT Keep-Alive: timeout=70, max=83 Location: https://trunk/PP/index.do Server: None Set-Cookie: JSESSIONID=DAD957102283938AA31F157085F9818D.trunk-n1; Path=/PP; Secure; HttpOnly Set-Cookie: sessionIdForCognos=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly Strict-Transport-Security: max-age=63072000; includeSubdomains; preload X-UA-Compatible: IE=9 App log ----------------------- [Apr 06 16:27:22,305] DEBUG | org.springframework.security.web.context.SecurityContextPersistenceFilter | | BKrUPVga5kki | SecurityContextHolder now cleared, as request processing completed [Apr 06 16:27:29,740] DEBUG | org.springframework.security.web.FilterChainProxy | | | /timeout.do?ajax=true&_=1459959972330 at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' [Apr 06 16:27:29,741] DEBUG | org.springframework.security.web.context.HttpSessionSecurityContextRepository | | | HttpSession returned null object for SPRING_SECURITY_CONTEXT [Apr 06 16:27:29,741] DEBUG | org.springframework.security.web.context.HttpSessionSecurityContextRepository | | | No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@773b75c1. A new one will be created. [Apr 06 16:27:29,742] DEBUG | org.springframework.security.web.FilterChainProxy | | | /timeout.do?ajax=true&_=1459959972330 at position 2 of 13 in additional filter chain; firing Filter: 'WelcomePageRedirectFilter' [Apr 06 16:27:29,742] DEBUG | org.springframework.security.web.FilterChainProxy | | | /timeout.do?ajax=true&_=1459959972330 at position 3 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' [Apr 06 16:27:29,742] DEBUG | org.springframework.security.web.FilterChainProxy | | | /timeout.do?ajax=true&_=1459959972330 at position 4 of 13 in additional filter chain; firing Filter: 'InternalAuthenticationFilter' [Apr 06 16:27:29,742] DEBUG | org.springframework.security.web.FilterChainProxy | | | /timeout.do?ajax=true&_=1459959972330 at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter' [Apr 06 16:27:29,742] DEBUG | org.springframework.security.web.FilterChainProxy | | | /timeout.do?ajax=true&_=1459959972330 at position 6 of 13 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' [Apr 06 16:27:29,742] DEBUG | org.springframework.security.web.FilterChainProxy | | | /timeout.do?ajax=true&_=1459959972330 at position 7 of 13 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' [Apr 06 16:27:29,743] DEBUG | org.springframework.security.web.FilterChainProxy | | | /timeout.do?ajax=true&_=1459959972330 at position 8 of 13 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' [Apr 06 16:27:29,743] DEBUG | org.springframework.security.web.FilterChainProxy | | | /timeout.do?ajax=true&_=1459959972330 at position 9 of 13 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' [Apr 06 16:27:29,743] DEBUG | org.springframework.security.web.FilterChainProxy | | | /timeout.do?ajax=true&_=1459959972330 at position 10 of 13 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' [Apr 06 16:27:29,743] DEBUG | org.springframework.security.web.authentication.AnonymousAuthenticationFilter | anonymousUser | | Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90541710: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@166c8: RemoteIpAddress: 1.1.1.1; SessionId: 46A37357A369A1065184EDDA3AE0ED0C.trunk-n1; Granted Authorities: ROLE_ANONYMOUS' [Apr 06 16:27:29,743] DEBUG | org.springframework.security.web.FilterChainProxy | anonymousUser | | /timeout.do?ajax=true&_=1459959972330 at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter' [Apr 06 16:27:29,743] DEBUG | org.springframework.security.web.FilterChainProxy | anonymousUser | | /timeout.do?ajax=true&_=1459959972330 at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' [Apr 06 16:27:29,744] DEBUG | org.springframework.security.web.FilterChainProxy | anonymousUser | | /timeout.do?ajax=true&_=1459959972330 at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' [Apr 06 16:27:29,744] DEBUG | org.springframework.security.web.util.matcher.AntPathRequestMatcher | anonymousUser | | Checking match of request : '/timeout.do'; against '/admin/**' [Apr 06 16:27:29,744] DEBUG | org.springframework.security.web.util.matcher.AntPathRequestMatcher | anonymousUser | | Checking match of request : '/timeout.do'; against '/system/upgrade.do' [Apr 06 16:27:29,744] DEBUG | org.springframework.security.web.util.matcher.AntPathRequestMatcher | anonymousUser | | Checking match of request : '/timeout.do'; against '/system/upgradestatus.do' [Apr 06 16:27:29,744] DEBUG | org.springframework.security.web.util.matcher.AntPathRequestMatcher | anonymousUser | | Checking match of request : '/timeout.do'; against '/enduser/ajax/upgradecounts.do' [Apr 06 16:27:29,744] DEBUG | org.springframework.security.web.util.matcher.AntPathRequestMatcher | anonymousUser | | Checking match of request : '/timeout.do'; against '/system/**' [Apr 06 16:27:29,744] DEBUG | org.springframework.security.web.util.matcher.AntPathRequestMatcher | anonymousUser | | Checking match of request : '/timeout.do'; against '/enduser/**' [Apr 06 16:27:29,744] DEBUG | org.springframework.security.web.util.matcher.AntPathRequestMatcher | anonymousUser | | Checking match of request : '/timeout.do'; against '/changepassword.do' [Apr 06 16:27:29,745] DEBUG | org.springframework.security.web.util.matcher.AntPathRequestMatcher | anonymousUser | | Checking match of request : '/timeout.do'; against '/index.do' [Apr 06 16:27:29,745] DEBUG | org.springframework.security.web.access.intercept.FilterSecurityInterceptor | anonymousUser | | Public object - authentication not attempted [Apr 06 16:27:29,746] INFO | org.springframework.security.access.event.LoggerListener | anonymousUser | | Security interception not required for public secure object: FilterInvocation: URL: /timeout.do?ajax=true&_=1459959972330 [Apr 06 16:27:29,746] DEBUG | org.springframework.security.web.FilterChainProxy | anonymousUser | | /timeout.do?ajax=true&_=1459959972330 reached end of additional filter chain; proceeding with original chain [Apr 06 16:27:29,751] DEBUG | org.springframework.security.web.access.ExceptionTranslationFilter | anonymousUser | uDCzcUTsm7SD | Chain processed normally [Apr 06 16:27:29,751] DEBUG | org.springframework.security.web.context.HttpSessionSecurityContextRepository | | uDCzcUTsm7SD | SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. [Apr 06 16:27:29,751] DEBUG | org.springframework.security.web.context.SecurityContextPersistenceFilter | | uDCzcUTsm7SD | SecurityContextHolder now cleared, as request processing completed [Apr 06 16:27:29,767] DEBUG | org.springframework.security.web.FilterChainProxy | | BKrUPVga5kki | /j_spring_security_logout?ajax=true&_=1459959972331 at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' [Apr 06 16:27:29,768] DEBUG | org.springframework.security.web.context.HttpSessionSecurityContextRepository | | BKrUPVga5kki | HttpSession returned null object for SPRING_SECURITY_CONTEXT [Apr 06 16:27:29,768] DEBUG | org.springframework.security.web.context.HttpSessionSecurityContextRepository | | BKrUPVga5kki | No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@773b75c1. A new one will be created. [Apr 06 16:27:29,768] DEBUG | org.springframework.security.web.FilterChainProxy | | BKrUPVga5kki | /j_spring_security_logout?ajax=true&_=1459959972331 at position 2 of 13 in additional filter chain; firing Filter: 'WelcomePageRedirectFilter' [Apr 06 16:27:29,768] DEBUG | org.springframework.security.web.FilterChainProxy | | BKrUPVga5kki | /j_spring_security_logout?ajax=true&_=1459959972331 at position 3 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' [Apr 06 16:27:29,768] DEBUG | org.springframework.security.web.FilterChainProxy | | BKrUPVga5kki | /j_spring_security_logout?ajax=true&_=1459959972331 at position 4 of 13 in additional filter chain; firing Filter: 'InternalAuthenticationFilter' [Apr 06 16:27:29,769] DEBUG | org.springframework.security.web.FilterChainProxy | | BKrUPVga5kki | /j_spring_security_logout?ajax=true&_=1459959972331 at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter' [Apr 06 16:27:29,769] DEBUG | org.springframework.security.web.authentication.logout.LogoutFilter | | BKrUPVga5kki | Logging out user 'null' and transferring to logout destination [Apr 06 16:27:29,769] DEBUG | org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler | | BKrUPVga5kki | Invalidating session: 46A37357A369A1065184EDDA3AE0ED0C.trunk-n1 [Apr 06 16:27:29,778] DEBUG | org.springframework.security.web.DefaultRedirectStrategy | | BKrUPVga5kki | Redirecting to '/PP/index.do' [Apr 06 16:27:29,778] DEBUG | org.springframework.security.web.context.HttpSessionSecurityContextRepository | | BKrUPVga5kki | SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. [Apr 06 16:27:29,779] DEBUG | org.springframework.security.web.context.SecurityContextPersistenceFilter | | BKrUPVga5kki | SecurityContextHolder now cleared, as request processing completed
某个节点关闭时,有人可以帮助我解决此随机用户注销问题吗?
Tomcat会话未复制,并且在节点之一发生故障时导致用户注销,配置hazelcast为实现会话复制,如下所示
hazelcast
步骤1:将以下依赖项添加到pom.xml
<dependency> <groupId>com.hazelcast</groupId> <artifactId>hazelcast</artifactId> <version>3.6.2</version> </dependency> <dependency> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-wm</artifactId> <version>3.6.2</version> </dependency>
第2步:在现有过滤器的顶部添加以下代码段,web.xml以便首先将请求转到hazelcast
web.xml
<filter> <filter-name>hazelcast-filter</filter-name> <filter-class>com.hazelcast.web.spring.SpringAwareWebFilter</filter-class> <!-- Name of the distributed map storing your web session objects --> <init-param> <param-name>map-name</param-name> <param-value>my-sessions</param-value> </init-param> <init-param> <param-name>config-location</param-name> <param-value>/WEB-INF/hazelcast.xml</param-value> </init-param> <init-param> <param-name>sticky-session</param-name> <param-value>true</param-value> </init-param> <!-- Are you debugging? Default is false.--> <init-param> <param-name>debug</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>hazelcast-filter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>FORWARD</dispatcher> <dispatcher>INCLUDE</dispatcher> <dispatcher>REQUEST</dispatcher> </filter-mapping> <listener> <listener-class>com.hazelcast.web.SessionListener</listener-class> </listener>
步骤3:建立hazelcast.xml如下
hazelcast.xml
<hazelcast xsi:schemaLocation="http://www.hazelcast.com/schema/config http://www.hazelcast.com/schema/config/hazelcast-config-3.6.xsd" xmlns="http://www.hazelcast.com/schema/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> </hazelcast>
第4步:初始化sessionRegistry您的beanapplicationContext.xml
sessionRegistry
applicationContext.xml
<bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
重新启动您的应用程序,并且会话复制可以在tomcat故障转移上运行
文档参考: http : //hazelcast.org/use- cases/clustering/ http://docs.hazelcast.org/docs/3.5/manual/html/websessionreplication.html http://docs.hazelcast.org/docs/ 3.6 / manual / html-single / index.html#preface
配置参考:https : //github.com/hazelcast/hazelcast-code-samples/tree/master/hazelcast- integration/spring-security
