Ila*_*n.K 7 spring spring-security weakhashmap
我必须解决以下场景,在 Spring Security 中3.2.5-RELEASE,Spring Core 4.1.2-RELEASE应用程序在 Wildfly 8.1 上运行 Java 1.7。
我想把“鲍勃”踢出去
//this doesn't work
for (final SessionInformation session : sessionRegistry.getAllSessions(user, true)) {
session.expireNow();
}
HttpSessionCreatedEvent并将HttpSessionDestroyedEvent其注册ApplicationListener为 HttoSession 并维护 SessionId 的缓存。AskToExpireSessionEvent-SessionRegistry,ApplicationEventPublisher以便您可以列出当前活动的用户会话并找到您正在寻找的用户(即“bob”)活动的会话(因为可能有很多)AskToExpireSessionEvent为他的每个会话调度一个。用户服务:
@Service
public class UserServiceImpl implements UserService {
/** {@link SessionRegistry} does not exists in unit tests */
@Autowired(required = false)
private Set<SessionRegistry> sessionRegistries;
@Autowired
private ApplicationEventPublisher publisher;
/**
* destroys all active sessions.
* @return <code>true</code> if any session was invalidated^
* @throws IllegalArgumentException
*/
@Override
public boolean invalidateUserByUserName(final String userName) {
if(null == StringUtils.trimToNull(userName)) {
throw new IllegalArgumentException("userName must not be null or empty");
}
boolean expieredAtLeastOneSession = false;
for (final SessionRegistry sessionRegistry : safe(sessionRegistries)) {
findPrincipal: for (final Object principal : sessionRegistry.getAllPrincipals()) {
if(principal instanceof IAuthenticatedUser) {
final IAuthenticatedUser user = (IAuthenticatedUser) principal;
if(userName.equals(user.getUsername())) {
for (final SessionInformation session : sessionRegistry.getAllSessions(user, true)) {
session.expireNow();
sessionRegistry.removeSessionInformation(session.getSessionId());
publisher.publishEvent(AskToExpireSessionEvent.of(session.getSessionId()));
expieredAtLeastOneSession = true;
}
break findPrincipal;
}
} else {
logger.warn("encountered a session for a none user object {} while invalidating '{}' " , principal, userName);
}
}
}
return expieredAtLeastOneSession;
}
}
申请活动:
import org.springframework.context.ApplicationEvent;
public class AskToExpireSessionEvent extends ApplicationEvent {
private static final long serialVersionUID = -1915691753338712193L;
public AskToExpireSessionEvent(final Object source) {
super(source);
}
@Override
public String getSource() {
return (String)super.getSource();
}
public static AskToExpireSessionEvent of(final String sessionId) {
return new AskToExpireSessionEvent(sessionId);
}
}
http会话缓存监听器:
import java.util.Map;
import java.util.WeakHashMap;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationListener;
import org.springframework.security.web.session.HttpSessionCreatedEvent;
import org.springframework.security.web.session.HttpSessionDestroyedEvent;
import org.springframework.stereotype.Component;
import com.cb4.base.service.event.AskToExpireSessionEvent;
@Component
public class HttpSessionCachingListener {
private static final Logger logger = LoggerFactory.getLogger(HttpSessionCachingListener.class);
private final Map<String, HttpSession> sessionCache = new WeakHashMap<>();
void onHttpSessionCreatedEvent(final HttpSessionCreatedEvent event){
if (event != null && event.getSession() != null && event.getSession().getId() != null) {
sessionCache.put(event.getSession().getId(), event.getSession());
}
}
void onHttpSessionDestroyedEvent(final HttpSessionDestroyedEvent event){
if (event != null && event.getSession() != null && event.getSession().getId() != null){
sessionCache.remove(event.getSession().getId());
}
}
public void timeOutSession(final String sessionId){
if(sessionId != null){
final HttpSession httpSession = sessionCache.get(sessionId);
if(null != httpSession){
logger.debug("invalidating session {} in 1 second", sessionId);
httpSession.setMaxInactiveInterval(1);
}
}
}
@Component
static class HttpSessionCreatedLisener implements ApplicationListener<HttpSessionCreatedEvent> {
@Autowired
HttpSessionCachingListener parent;
@Override
public void onApplicationEvent(final HttpSessionCreatedEvent event) {
parent.onHttpSessionCreatedEvent(event);
}
}
@Component
static class HttpSessionDestroyedLisener implements ApplicationListener<HttpSessionDestroyedEvent> {
@Autowired
HttpSessionCachingListener parent;
@Override
public void onApplicationEvent(final HttpSessionDestroyedEvent event) {
parent.onHttpSessionDestroyedEvent(event);
}
}
@Component
static class AskToTimeOutSessionLisener implements ApplicationListener<AskToExpireSessionEvent> {
@Autowired
HttpSessionCachingListener parent;
@Override
public void onApplicationEvent(final AskToExpireSessionEvent event) {
if(event != null){
parent.timeOutSession(event.getSource());
}
}
}
}
| 归档时间: |
|
| 查看次数: |
6804 次 |
| 最近记录: |