Java 如何通过登录注销用户(非当前用户)?
我的系统中有两个角色:用户和管理员 管理员可以按姓名注销任何用户 我该怎么做? 我需要这样的东西:Java 如何通过登录注销用户(非当前用户)?,java,authentication,spring-boot,spring-security,Java,Authentication,Spring Boot,Spring Security,我的系统中有两个角色:用户和管理员 管理员可以按姓名注销任何用户 我该怎么做? 我需要这样的东西: service.logout用户(另一个用户名) 配置如下所示: @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) t
service.logout用户(另一个用户名)
配置如下所示:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers
....
.formLogin()
.loginProcessingUrl("/api/login")
.successHandler(authenticationSuccessHandler)
.failureHandler(new SimpleUrlAuthenticationFailureHandler())
.and()
.rememberMe()
.key("...")
.rememberMeCookieName("...")
.userDetailsService(userDetailsService)
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.and()
.logout()
.deleteCookies("JSESSIONID")
.logoutUrl("/logout")
.logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())
.permitAll();
import org.springframework.security.core.userdetails.User;
...
...
Set<SimpleGrantedAuthority> userRoles = new HashSet<>();
userRoles.add(new SimpleGrantedAuthority("ROLE_USER"));
User user = new User(anotherUserName, "", userRoles);
List<SessionInformation> sessions = sessionRegistry.getAllSessions(u, false);
for(SessionInformation info : infos) {
info.expireNow();
}
大概是这样的:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers
....
.formLogin()
.loginProcessingUrl("/api/login")
.successHandler(authenticationSuccessHandler)
.failureHandler(new SimpleUrlAuthenticationFailureHandler())
.and()
.rememberMe()
.key("...")
.rememberMeCookieName("...")
.userDetailsService(userDetailsService)
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.and()
.logout()
.deleteCookies("JSESSIONID")
.logoutUrl("/logout")
.logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())
.permitAll();
import org.springframework.security.core.userdetails.User;
...
...
Set<SimpleGrantedAuthority> userRoles = new HashSet<>();
userRoles.add(new SimpleGrantedAuthority("ROLE_USER"));
User user = new User(anotherUserName, "", userRoles);
List<SessionInformation> sessions = sessionRegistry.getAllSessions(u, false);
for(SessionInformation info : infos) {
info.expireNow();
}
import org.springframework.security.core.userdetails.User;
...
...
Set userRoles=new HashSet();
添加(新的SimpleGrantedAuthority(“角色用户”);
用户=新用户(另一个用户名,“,用户角色);
List sessions=sessionRegistry.getAllSessions(u,false);
用于(会话信息:infos){
info.expireNow();
}
您能澄清一下为什么要使用空字符串而不是密码吗?我想您可能知道,您不需要密码来完成您要做的事情。此外,您的代码永远不需要知道用户密码。密码只能由用户编写并加密。API外观不自然)在哪里可以按名称找到用户角色?