Spring security 升级到Grails3后,sessionRegistry为空,但身份验证正在工作
将旧应用程序(grails 1.3.7)升级到最新的grails版本3.1.3后,sessionRegistry保持为空。在SpringSecurity中有一些变化,我试图让它工作,但看起来好像缺少了一些东西。。。我使用的是spring-security-web-4.0.3.RELEASE.jar 我可以通过spring security进行身份验证,看起来一切正常。但我喜欢计算公开会议的次数。我曾使用sessionRegistry.GetAllPrinciples()查找打开的会话,但现在它总是空的 在resources.groovy中:Spring security 升级到Grails3后,sessionRegistry为空,但身份验证正在工作,spring-security,grails-3.0,Spring Security,Grails 3.0,将旧应用程序(grails 1.3.7)升级到最新的grails版本3.1.3后,sessionRegistry保持为空。在SpringSecurity中有一些变化,我试图让它工作,但看起来好像缺少了一些东西。。。我使用的是spring-security-web-4.0.3.RELEASE.jar 我可以通过spring security进行身份验证,看起来一切正常。但我喜欢计算公开会议的次数。我曾使用sessionRegistry.GetAllPrinciples()查找打开的会话,但现在它总
import com.myApp.LicenceCheck
import org.springframework.security.core.session.SessionRegistryImpl
import org.springframework.security.web.session.ConcurrentSessionFilter
import org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
beans = {
sessionRegistry(SessionRegistryImpl)
sessionAuthenticationStrategy(ConcurrentSessionControlAuthenticationStrategy){
it.constructorArgs = [sessionRegistry]
maximumSessions = -1
}
concurrentSessionFilter(ConcurrentSessionFilter){
it.constructorArgs = [sessionRegistry,'/login/concurrentSession'];
}
licenceCheck(LicenceCheck)
}
在bootstrap.groovy中:
SpringSecurityUtils.clientRegisterFilter('concurrentSessionFilter', SecurityFilterPosition.CONCURRENT_SESSION_FILTER)
application.groovy中的配置:
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.basic.realmName='myApp'
grails.plugin.springsecurity.successHandler.defaultTargetUrl='/search/'
grails.plugin.springsecurity.password.algorithm='MD5'
grails.plugin.springsecurity.password.hash.iterations = 1
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.myApp.Account'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.myApp.AccountAccountGroup'
grails.plugin.springsecurity.authority.className = 'com.myApp.AccountGroup'
grails.plugin.springsecurity.authority.nameField = 'role'
grails.plugin.springsecurity.useSecurityEventListener = true
grails.plugin.springsecurity.useSessionFixationPrevention = false
grails.plugin.springsecurity.rejectIfNoRule = false
grails.plugin.springsecurity.fii.rejectPublicInvocations = false
grails.plugin.springsecurity.auth.loginFormUrl = '/login/auth'
grails.plugin.springsecurity.apf.storeLastUsername=true
grails.plugin.springsecurity.filterChain.filterNames = [
'securityContextPersistenceFilter', 'logoutFilter',
'authenticationProcessingFilter', 'concurrentSessionFilter',
'rememberMeAuthenticationFilter', 'anonymousAuthenticationFilter',
'exceptionTranslationFilter', 'filterInvocationInterceptor'
]
成功身份验证后,我将尝试计数打开的会话:
import org.springframework.context.ApplicationListener
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent
import grails.util.Holders
class LicenceCheck implements ApplicationListener<InteractiveAuthenticationSuccessEvent> {
void onApplicationEvent(InteractiveAuthenticationSuccessEvent event) {
def sessionRegistry = Holders.grailsApplication.mainContext.getBean('sessionRegistry')
sessionRegistry.getAllPrincipals() <= list is always empty
}
}
import org.springframework.context.ApplicationListener
导入org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent
导入grails.util.Holders
类LicenseCheck实现ApplicationListener{
Application event上的无效(InteractiveAuthenticationSuccessEvent事件){
def sessionRegistry=Holders.grailsApplication.mainContext.getBean('sessionRegistry'))
我找到了这个问题的解决方案
问题是新的ConcurrentSessionControlAuthenticationStrategy(新的ConcurrentSessionControlStrategy)没有在sessionRegistry中注册会话。您必须将不同的策略与CompositeSessionAuthenticationStrategy结合起来
这对我有用:
我找到了解决这个问题的办法
问题是新的ConcurrentSessionControlAuthenticationStrategy(新的ConcurrentSessionControlStrategy)没有在sessionRegistry中注册会话。您必须将不同的策略与CompositeSessionAuthenticationStrategy结合起来
这对我有用: