Я работаю над приложением Spring-MVC, в котором для отображения онлайн-пользователей я проверяю, находится ли пользователь в сети от sessionRegistry. К сожалению, он не работает. Я понятия не имею, почему нет содержимого в sessionRegistry.getAllPrincipals(). Я также добавил информацию в security-context.xml, но это не помогло.Spring-MVC, Spring-Spring-Security: Не удалось получить онлайн-пользователя от sessionRegistry
Код:
@Override
public boolean checkIfUserhasSession(int id) {
Person person = this.personService.getPersonById(id);
String email = person.getUsername();
System.out.println("Person email is "+email);
List<Object> principals = sessionRegistry.getAllPrincipals();
for (Object principal : principals) {
// It never reaches here
System.out.println("We are in Principals list");
if (principal instanceof User) {
String username = ((User) principal).getUsername();
System.out.println("Username is"+username);
if(email.equals(username)){
return true;
}
}
}
return false;
}
безопасности context.xml:
<security:http>
<security:session-management session-fixation-protection="migrateSession">
<security:concurrency-control session-registry-ref="sessionRegistry" max-sessions="5" expired-url="/login"/>
</security:session-management>
<security:http/>
<bean id="sessionRegistry"
class="org.springframework.security.core.session.SessionRegistryImpl" />
журнала отладки:
DEBUG: org.springframework.security.web.FilterChainProxy - /checkuseronline/8550 at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: '[email protected]07a81d: Authentication: org.springframew[email protected]6607a81d: Principal: [email protected]: Username: [email protected]; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]ffff6a82: RemoteIpAddress: 127.0.0.1; SessionId: 2384D4496E421247E8B668EFF598C177; Granted Authorities: ROLE_USER'
DEBUG: org.springframework.security.web.FilterChainProxy - /checkuseronline/8550 at position 2 of 12 in additional filter chain; firing Filter: 'ConcurrentSessionFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /checkuseronline/8550 at position 3 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /checkuseronline/8550 at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /checkuseronline/8550 at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /checkuseronline/8550 at position 6 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /checkuseronline/8550 at position 7 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /checkuseronline/8550 at position 8 of 12 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
DEBUG: org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter - SecurityContextHolder not populated with remember-me token, as it already contained: 'org.springframew[email protected]6607a81d: Principal: [email protected]: Username: [email protected]; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]ffff6a82: RemoteIpAddress: 127.0.0.1; SessionId: 2384D4496E421247E8B668EFF598C177; Granted Authorities: ROLE_USER'
DEBUG: org.springframework.security.web.FilterChainProxy - /checkuseronline/8550 at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
DEBUG: org.springframework.security.web.authentication.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframew[email protected]6607a81d: Principal: [email protected]: Username: [email protected]; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]ffff6a82: RemoteIpAddress: 127.0.0.1; SessionId: 2384D4496E421247E8B668EFF598C177; Granted Authorities: ROLE_USER'
DEBUG: org.springframework.security.web.FilterChainProxy - /checkuseronline/8550 at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /checkuseronline/8550 at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /checkuseronline/8550 at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
DEBUG: org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Public object - authentication not attempted
DEBUG: org.springframework.security.web.FilterChainProxy - /checkuseronline/8550 reached end of additional filter chain; proceeding with original chain
Person email is [email protected]
User is false
Пожалуйста, обратите внимание, я добавил 5 сеансов, так что пользователь может использовать его на несколько устройств одновременно ... Любая помощь будет приятной. Спасибо большое. :-)
Редактировать
I also added some code mentioned from the documentation, it doesn't help.
<security:http create-session="ifRequired" use-expressions="true" auto-config="false" disable-url-rewriting="true">
<security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<security:custom-filter after="CONCURRENT_SESSION_FILTER" ref="myAuthFilter" />
<security:session-management session-authentication-strategy-ref="sas"/>
</security:http>
<beans:bean id="myAuthFilter" class=
"org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="sessionAuthenticationStrategy" ref="sas" />
<beans:property name="authenticationManager" ref="authenticationManager" />
</beans:bean>
<beans:bean id="concurrencyFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<beans:property name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="expiredUrl" value="/login" />
</beans:bean>
<beans:bean id="sas" class=
"org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<beans:constructor-arg name="sessionRegistry" ref="sessionRegistry"/>
<beans:property name="maximumSessions" value="5" />
</beans:bean>
<bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
Я действительно не знаю, что еще нужно. Любая помощь будет приятной. Большое спасибо.
@MitulSanghani: У меня нет, как я проверил на сети, это были единственные модификации предложили. Не могли бы вы рассказать мне, чего не хватает. Большое спасибо. Я также добавляю журнал отладки. –
См. Http://docs.spring.io/spring-security/site/docs/3.1.7.RELEASE/reference/session-mgmt.html –
@MitulSanghani ConcurrentSessionControlStrategy устарела, и я не вижу никакой реализации sessionRegistry по ссылке, которую вы предоставили, просто бобы. Должен ли я добавить их? –