Java Spring会话无法获取应用程序中所有已登录用户的列表
这是我的Java Spring会话无法获取应用程序中所有已登录用户的列表,java,spring-mvc,spring-session,Java,Spring Mvc,Spring Session,这是我的SecureConfig文件,以及自定义会话存储库和自定义用户名密码身份验证筛选器 @Bean public ServletListenerRegistrationBean httpSessionEventPublisher(){ 返回新的ServletListenerRegistrationBean(新的HttpSessionEventPublisher()); } @豆子 @订单(1) 公共ConcurrentSessionControlAuthenticationStrategy
SecureConfig@Bean
public ServletListenerRegistrationBean httpSessionEventPublisher(){
返回新的ServletListenerRegistrationBean(新的HttpSessionEventPublisher());
}
@豆子
@订单(1)
公共ConcurrentSessionControlAuthenticationStrategy ConcurrentSessionControlAuthenticationStrategy(){
ConcurrentSessionControlAuthenticationStrategy cscas=新的ConcurrentSessionControlAuthenticationStrategy(sessionRegistry());
cscas.setMaximumSessions(-1);
cscas.setExceptionIfmaximumExcepended(真);
返回CSCA;
}
@豆子
@订单(2)
public SessionFixationProtectionStrategy SessionFixationProtectionStrategy(){
返回新的SessionFixationProtectionStrategy();
}
@豆子
@订单(3)
公共注册表SessionAuthenticationStrategy注册表SessionAuthenticationStrategy(){
RegisterSessionAuthenticationStrategy RegisterSessionAuthenticationStrategy=新的RegisterSessionAuthenticationStrategy(sessionRegistry());
返回registerSessionAuthenticationStrategy;
}
@豆子
公共CompositeSessionAuthenticationStrategy CompositeSessionAuthenticationStrategy(){
List sessionAuthenticationStrategies=new ArrayList();
添加(concurrentSessionControlAuthenticationStrategy());
sessionAuthenticationStrategies.add(sessionFixationProtectionStrategy());
添加(registerSessionAuthenticationStrategy());
CompositeSessionAuthenticationStrategy CompositeSessionAuthenticationStrategy=新的CompositeSessionAuthenticationStrategy(会话身份验证策略);
返回compositeSessionAuthenticationStrategy;
}
http.sessionManagement().sessionFixation().migrateSession().sessionAuthenticationStrategy(compositeSessionAuthenticationStrategy);
@Autowired
@Resource(name="sessionRegistry")
private SessionRegistry sessionRegistry;
//getting all logged in users from method
public List<CurrentUser> listLogInCurrentUsers() {
List<Object> principals = sessionRegistry.getAllPrincipals();
LOGGER.info("prinipals: "+principals.get(0));
List<CurrentUser> usersList = new ArrayList<CurrentUser>();
for (Object principal : principals) {
if (principal instanceof org.springframework.security.core.userdetails.User) {
usersList.add(((CurrentUser) principal));
}
}
return usersList;
}
@Autowired
@资源(name=“sessionRegistry”)
非公开会议登记处会议登记处;
//从方法获取所有已登录用户
公共列表listLogInCurrentUsers(){
List principals=sessionRegistry.getAllPrincipals();
LOGGER.info(“prinipals:+principals.get(0));
List usersList=new ArrayList();
for(对象主体:主体){
if(org.springframework.security.core.userdetails.User的主体实例){
添加(((当前用户)主体));
}
}
返回用户列表;
}
我几乎花了好几天时间来解决这个问题。在我看来,您正在创建SessionRegistry的多个实例。sessionRegistry()方法应始终返回与中相同的实例
private SessionRegistry sessionRegistry;
@Bean
public SessionRegistry sessionRegistry() {
if (sessionRegistry == null) {
sessionRegistry = new SessionRegistryImpl();
}
return sessionRegistry;
}
我认为缺少的是将sessionRegistry也传递给concurrentSessionFilter。我与您有相同的问题,并添加以下代码修复了该问题:
@Bean
public ConcurrentSessionFilter concurrentSessionFilter() {
return new ConcurrentSessionFilter(sessionRegistry(), new SimpleRedirectSessionInformationExpiredStrategy("/"));
}
protected void configure(HttpSecurity http) throws Exception {
...
http.
...
.addFilterAt(concurrentSessionFilter(), ConcurrentSessionFilter.class)
...
}
private SessionRegistry sessionRegistry;
@Bean
public SessionRegistry sessionRegistry() {
if (sessionRegistry == null) {
sessionRegistry = new SessionRegistryImpl();
}
return sessionRegistry;
}
@Bean
public ConcurrentSessionFilter concurrentSessionFilter() {
return new ConcurrentSessionFilter(sessionRegistry(), new SimpleRedirectSessionInformationExpiredStrategy("/"));
}
protected void configure(HttpSecurity http) throws Exception {
...
http.
...
.addFilterAt(concurrentSessionFilter(), ConcurrentSessionFilter.class)
...
}