我有一个使用spring安全性的spring mvc webapp,每次用户登录时我想做的一件事就是记录系统上的并发用户数.
为此,我给会话注册表添加了一个别名,然后我自动进入一个类并说...
List<Object> principals = sessionRegistry.getAllPrincipals();
MDC.put(MDCKeyConstants.CONCURRENT_USER_COUNT, principals.size());
但是principals.size正在变为0.即主体列表为空.我错过了我需要配置的其他东西吗?
很抱歉这篇文章很长,但是我把Spring安全配置放在这里试着帮助解决这个问题..提前感谢...
<http use-expressions="true" auto-config="false" entry-point-ref="loginUrlAuthenticationEntryPoint">
<!-- custom filters -->
<custom-filter position="FORM_LOGIN_FILTER" ref="twoFactorAuthenticationFilter" />
<custom-filter after="SECURITY_CONTEXT_FILTER" ref="securityLoggingFilter"/>
<!-- session management -->
<session-management
invalid-session-url="/sessionExpired.htm"
session-authentication-error-url="/alreadyLoggedIn.htm">
<concurrency-control
max-sessions="1"
expired-url="/sessionExpiredDuplicateLogin.htm"
error-if-maximum-exceeded="false"
session-registry-alias="sessionRegistry"/>
</session-management>
<!-- error handlers -->
<access-denied-handler error-page="/accessDenied.htm"/>
<!-- logout -->
<logout logout-success-url="/logout.htm" invalidate-session="false" delete-cookies="JSESSIONID"/>
<!-- authorize pages -->
<intercept-url pattern="/home.htm" access="isAuthenticated()" />
<intercept-url pattern="/shortsAndOvers.htm" access="isAuthenticated()" />
<intercept-url pattern="/shortsAndOversDaily.htm" access="isAuthenticated()" />
<intercept-url pattern="/birtpage.htm" access="isAuthenticated()" />
<intercept-url pattern="/reports/show.htm" access="isAuthenticated()" />
</http>
<!-- =============================== -->
<!-- AUTHENTICATION BEANS -->
<!-- =============================== -->
<beans:bean id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsDao" />
<beans:property name="passwordEncoder" ref="encoder" />
</beans:bean>
<beans:bean id="twoFactorAuthenticationFilter" class="com.mycompany.reporting.security.TwoFactorAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="authenticationFailureHandler" ref="failureHandler" />
<beans:property name="authenticationSuccessHandler" ref="successHandler" />
<beans:property name="filterProcessesUrl" value="/j_spring_security_check" />
<beans:property name="postOnly" value="true" />
</beans:bean>
<beans:bean id="loginUrlAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/login.htm" />
</beans:bean>
<beans:bean id="successHandler" class="com.mycompany.reporting.security.CustomSavedRequestAwareAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/home.htm" />
</beans:bean>
<beans:bean id="failureHandler" class="com.mycompany.reporting.security.CustomSimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/loginfailed.htm" />
</beans:bean>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="authenticationProvider"></authentication-provider>
</authentication-manager>
小智 2
尝试这个。它对我有用。
在<http></http>,
<session-management session-authentication-strategy-ref="sas" invalid-session-url="/invalid-session" />
并声明bean如下:
<beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/>
<beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="maximumSessions" value="1" />
</beans:bean>
并且不要忘记将 org.springframework.security.web.session.HttpSessionEventPublisher 侦听器添加到您的 Web 配置中。
| 归档时间: |
|
| 查看次数: |
3006 次 |
| 最近记录: |