Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/spring/11.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Spring安全会话注册表不工作_Spring_Spring Mvc - Fatal编程技术网
Fatal编程技术网
  • spring/
  • Spring安全会话注册表不工作

Spring安全会话注册表不工作

spring spring-mvc

Spring安全会话注册表不工作,spring,spring-mvc,Spring,Spring Mvc,首先,我将侦听器保存在web.xml中 <listener> <listener-class> org.springframework.security.web.session.HttpSessionEventPublisher </listener-class> </listener> org.springframework.security.web.session.HttpSessionEventPublis

首先,我将侦听器保存在web.xml中

<listener>
     <listener-class>
      org.springframework.security.web.session.HttpSessionEventPublisher
    </listener-class>
</listener> 


org.springframework.security.web.session.HttpSessionEventPublisher
然后我的springSecurity.xml就变成了

 <?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:security="http://www.springframework.org/schema/security"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans 
                            http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                            http://www.springframework.org/schema/context 
                            http://www.springframework.org/schema/context/spring-context-3.2.xsd                                  
                            http://www.springframework.org/schema/security 
                            http://www.springframework.org/schema/security/spring-security-3.2.xsd">

<security:http auto-config="true" use-expressions="true">

     <security:intercept-url pattern="/*" access="permitAll" />
     <security:session-management invalid-session-url="/" session-fixation-protection="newSession">
            <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" session-registry-alias="sessionRegistry"/>
     </security:session-management>

       <!--         access denied page -->
      <security:access-denied-handler error-page="/loginerror" />

      <security:form-login 
            login-page="/login?login_error=1" 
            default-target-url="/employee/listEmployee" 
            authentication-failure-url="/login/error" 
       />
        <security:logout invalidate-session="true" logout-success-url="/login" delete-cookies="JSESSIONID"  />
        <!-- enable csrf protection -->
<!--        <csrf/>-->

 </security:http>

<!--     Select users and user_roles from database -->
    <security:authentication-manager>
        <security:authentication-provider ref="authenticationProvider"></security:authentication-provider>
    </security:authentication-manager>
    <bean id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <property name="userDetailsService">
            <bean id="userAuthenticationService" class="com.elitenet.los.security.UserDetailsServiceImpl" />
        </property>
        <property name="passwordEncoder">
            <bean class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" />
        </property>
    </bean>

控制器是这样的:我需要登录的用户名列表。但是sessionRegistry不起作用

@Autowired
@Qualifier("sessionRegistry")
private SessionRegistry sessionRegistry;





   @RequestMapping(value = "/showUserStatus",method = RequestMethod.GET)
    public ModelAndView showUserStatus() {
    List<String> usersNamesList = new ArrayList<String>();
     List<User> userList = new ArrayList<User>();
    try {

          List<Object> principals =sessionRegistry.getAllPrincipals();//the  principals  here is empty
            for (Object principal: principals) {
        //import org.springframework.security.core.userdetails for User class
        //User is a built in class of spring security core
                 if (principal instanceof User) {
                     getLog().info(((User) principal).getUserName());
                     getLog().info("going to list userNameList");
                      usersNamesList.add(((User) principal).getUserName());
        }
    }

        getLog().info("going to list user");
        userList = getUserService().getList();
    } catch (Exception er) {
        getLog().error("error while listing userList" + er);
    }
    return new ModelAndView("/user/showUserStatus", "userList", userList);

} 

@Autowired
@限定符(“会话注册表”)
非公开会议登记处会议登记处;
@RequestMapping(value=“/showUserStatus”,method=RequestMethod.GET)

公共模型和视图显示用户状态(){
List usersNamesList=new ArrayList();
List userList=new ArrayList();
试一试{
List principals=sessionRegistry.GetAllPrinciples();//此处的主体为空
for(对象主体:主体){
//为用户类导入org.springframework.security.core.userdetails
//用户是spring安全内核的内置类
if(用户的主体实例){
getLog().info(((用户)主体).getUserName());
getLog().info(“将列出用户名列表”);
添加(((用户)主体).getUserName());
}
}
getLog().info(“将要列出用户”);
userList=getUserService().getList();
}捕获(异常er){
getLog().error(“列出userList时出错”+er);
}
返回新的ModelAndView(“/user/showUserStatus”、“userList”、“userList”);
}
谁能帮我一下我做错了什么吗请尝试在xml文件中提及

<bean id="sessionRegistry"
    class="org.springframework.security.core.session.SessionRegistryImpl" />
我想你就快到了。您可能错过的唯一一件事是
会话注册表别名的使用。通过在
并发控制
元素上使用该属性,可以公开会话注册表,以便将其注入到您自己的bean中

现在您有了一个会话注册表的引用,该注册表将由上述配置隐式设置的
ConcurrentSessionControlStrategy
填充。要使用它,您只需像平常一样将其注入bean:


<security:session-management>
    <security:concurrency-control max-sessions="10" session-registry-ref="sessionRegistry"/>
</security:session-management>

 <bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/>






或者像下面这样


@Resource(name="sessionRegistry")
 private SessionRegistryImpl sessionRegistry;



<bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy"
    p:maximumSessions="1" >
    <constructor-arg name="sessionRegistry" ref="sessionRegistry" />
 </bean>





我也试过了(但它仍然不起作用..thnks anywaz您在哪里调用
sessionregistry.getAllPrincipals
?您应该在需要时调用它们。现在看起来您在对象构造时调用它一次。还要确保您没有sessionregistry的多个实例!。确保您的安全配置只加载一次。I已在函数中调用它,如public model和view showUserStatus(){List UsersNameList=new ArrayList();List userList=new ArrayList();尝试{List Principles=sessionRegistry.GetAllPrinciples();for(对象主体:主体){if(principal instanceof User){UsersNameList.add(((用户)principal.getUserName());}}}请修改您的帖子以反映这一点,不要将其用作评论。另外,请向我们展示您是如何加载xml文件的(我怀疑您加载了两次)@Nidina我也遇到了同样的问题,你是如何解决的……谢谢。。。