Java 类org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy 实例源码

/**
 * Defines the session authentication strategy.
 */
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
    // When using as confidential keycloak/OpenID Connect client:
    //return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    // When using as bearer-only keycloak/OpenID Connect client:
    return new NullAuthenticatedSessionStrategy();
}

/**
 * Configures the protected private resources.
 *
 * @param http HTTP sec object
 * @throws Exception ex
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    ConfigObject protectedResources = Config.getConfig().getObject("security.protected");
    ConfigValue apiSec = Config.getConfig().getValue("security.api_security");
    boolean enableRestFilter = apiSec != null && Boolean.TRUE.equals(apiSec.unwrapped());
    String signinPath = Config.getConfigParam("security.signin", "/signin");
    String signoutPath = Config.getConfigParam("security.signout", "/signout");
    String accessDeniedPath = Config.getConfigParam("security.access_denied", "/403");
    String signoutSuccessPath = Config.getConfigParam("security.signout_success", signinPath);

    // If API security is disabled don't add the API endpoint to the list of protected resources
    if (enableRestFilter) {
        http.authorizeRequests().requestMatchers(RestRequestMatcher.INSTANCE);
    }

    parseProtectedResources(http, protectedResources);

    if (Config.getConfigBoolean("security.csrf_protection", true)) {
        http.csrf().requireCsrfProtectionMatcher(CsrfProtectionRequestMatcher.INSTANCE).
                csrfTokenRepository(csrfTokenRepository);
    } else {
        http.csrf().disable();
    }

    http.sessionManagement().enableSessionUrlRewriting(false);
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
    http.sessionManagement().sessionAuthenticationStrategy(new NullAuthenticatedSessionStrategy());
    http.exceptionHandling().authenticationEntryPoint(new SimpleAuthenticationEntryPoint(signinPath));
    http.exceptionHandling().accessDeniedHandler(new SimpleAccessDeniedHandler(accessDeniedPath));
    http.requestCache().requestCache(new SimpleRequestCache());
    http.logout().logoutUrl(signoutPath).logoutSuccessUrl(signoutSuccessPath);
    http.rememberMe().rememberMeServices(rememberMeServices);

    registerAuthFilters(http);

    if (enableRestFilter) {
        if (jwtFilter != null) {
            jwtFilter.setAuthenticationManager(authenticationManager());
            http.addFilterBefore(jwtFilter, RememberMeAuthenticationFilter.class);
        }
        RestAuthFilter restFilter = new RestAuthFilter();
        http.addFilterAfter(restFilter, JWTRestfulAuthFilter.class);
    }
}