Spring安全会话注册表不工作
首先,我将侦听器保存在web.xml中Spring安全会话注册表不工作,spring,spring-mvc,Spring,Spring Mvc,首先,我将侦听器保存在web.xml中 <listener> <listener-class> org.springframework.security.web.session.HttpSessionEventPublisher </listener-class> </listener> org.springframework.security.web.session.HttpSessionEventPublis
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher
</listener-class>
</listener>
org.springframework.security.web.session.HttpSessionEventPublisher
然后我的springSecurity.xml就变成了
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:security="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/*" access="permitAll" />
<security:session-management invalid-session-url="/" session-fixation-protection="newSession">
<security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" session-registry-alias="sessionRegistry"/>
</security:session-management>
<!-- access denied page -->
<security:access-denied-handler error-page="/loginerror" />
<security:form-login
login-page="/login?login_error=1"
default-target-url="/employee/listEmployee"
authentication-failure-url="/login/error"
/>
<security:logout invalidate-session="true" logout-success-url="/login" delete-cookies="JSESSIONID" />
<!-- enable csrf protection -->
<!-- <csrf/>-->
</security:http>
<!-- Select users and user_roles from database -->
<security:authentication-manager>
<security:authentication-provider ref="authenticationProvider"></security:authentication-provider>
</security:authentication-manager>
<bean id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<property name="userDetailsService">
<bean id="userAuthenticationService" class="com.elitenet.los.security.UserDetailsServiceImpl" />
</property>
<property name="passwordEncoder">
<bean class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" />
</property>
</bean>
控制器是这样的:我需要登录的用户名列表。但是sessionRegistry不起作用
@Autowired
@Qualifier("sessionRegistry")
private SessionRegistry sessionRegistry;
@RequestMapping(value = "/showUserStatus",method = RequestMethod.GET)
public ModelAndView showUserStatus() {
List<String> usersNamesList = new ArrayList<String>();
List<User> userList = new ArrayList<User>();
try {
List<Object> principals =sessionRegistry.getAllPrincipals();//the principals here is empty
for (Object principal: principals) {
//import org.springframework.security.core.userdetails for User class
//User is a built in class of spring security core
if (principal instanceof User) {
getLog().info(((User) principal).getUserName());
getLog().info("going to list userNameList");
usersNamesList.add(((User) principal).getUserName());
}
}
getLog().info("going to list user");
userList = getUserService().getList();
} catch (Exception er) {
getLog().error("error while listing userList" + er);
}
return new ModelAndView("/user/showUserStatus", "userList", userList);
}
@Autowired
@限定符(“会话注册表”)
非公开会议登记处会议登记处;
@RequestMapping(value=“/showUserStatus”,method=RequestMethod.GET)
公共模型和视图显示用户状态(){
List usersNamesList=new ArrayList();
List userList=new ArrayList();
试一试{
List principals=sessionRegistry.GetAllPrinciples();//此处的主体为空
for(对象主体:主体){
//为用户类导入org.springframework.security.core.userdetails
//用户是spring安全内核的内置类
if(用户的主体实例){
getLog().info(((用户)主体).getUserName());
getLog().info(“将列出用户名列表”);
添加(((用户)主体).getUserName());
}
}
getLog().info(“将要列出用户”);
userList=getUserService().getList();
}捕获(异常er){
getLog().error(“列出userList时出错”+er);
}
返回新的ModelAndView(“/user/showUserStatus”、“userList”、“userList”);
}
谁能帮我一下我做错了什么吗请尝试在xml文件中提及
<bean id="sessionRegistry"
class="org.springframework.security.core.session.SessionRegistryImpl" />
我想你就快到了。您可能错过的唯一一件事是会话注册表别名的使用。通过在并发控制
元素上使用该属性,可以公开会话注册表,以便将其注入到您自己的bean中
现在您有了一个会话注册表的引用,该注册表将由上述配置隐式设置的ConcurrentSessionControlStrategy
填充。要使用它,您只需像平常一样将其注入bean:
<security:session-management>
<security:concurrency-control max-sessions="10" session-registry-ref="sessionRegistry"/>
</security:session-management>
<bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/>
或者像下面这样
@Resource(name="sessionRegistry")
private SessionRegistryImpl sessionRegistry;
<bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy"
p:maximumSessions="1" >
<constructor-arg name="sessionRegistry" ref="sessionRegistry" />
</bean>
我也试过了(但它仍然不起作用..thnks anywaz您在哪里调用sessionregistry.getAllPrincipals
?您应该在需要时调用它们。现在看起来您在对象构造时调用它一次。还要确保您没有sessionregistry的多个实例!。确保您的安全配置只加载一次。I已在函数中调用它,如public model和view showUserStatus(){List UsersNameList=new ArrayList();List userList=new ArrayList();尝试{List Principles=sessionRegistry.GetAllPrinciples();for(对象主体:主体){if(principal instanceof User){UsersNameList.add(((用户)principal.getUserName());}}}请修改您的帖子以反映这一点,不要将其用作评论。另外,请向我们展示您是如何加载xml文件的(我怀疑您加载了两次)@Nidina我也遇到了同样的问题,你是如何解决的……谢谢。。。