Spring安全删除用户 - 会话仍处于活动状态 [英] Spring security delete user - session still active
问题描述
我有一个简单的Spring安全应用程序和用户管理。
管理员应该能够在数据库上创建/更新/删除用户(通过休眠)。
I got a simple spring security application with a user administration. An admin should be able to create/update/delete users on the database (via hibernate).
如果用户更新,我正在重新加载身份验证当前登录的用户。使用以下代码完成(根据此示例):
If a user is updated, I am reloading the authentication of the user which is currently logged in. That's done with the following code (according to this example):
SecurityContextHolder.getContext().setAuthentication(updatedAuthentication);
我的问题是:
我该怎么办如果用户被删除?如果我删除用户,活动会话仍然有效,我不知道如何更新它们。我仍然可以导航到我以前能够访问的每个页面。
My question is: What can I do if a user is deleted? If I delete a user, already active sessions remain active and I don't know how to update them. I can still navigate to every page I was able to go to before.
有没有办法告诉spring会话应该重新验证还是类似的?我错过了什么重要的事情吗?
Is there a way to tell spring that a session should be revalidated or something like that? Did I miss anything important?
推荐答案
在每个请求中,您应该检查数据库中是否存在用户。
步骤:
On each request you should check your database for User existence. Steps :
- 从会话中获取用户ID,检查它是否在数据库中。
- 如果数据库中没有,会使会话无效并再次重定向到登录页面。
- 在方法中包含上述两个stpes并在每个方法上调用它请求。 (如果使用常用方法或创建e Listener)
如果有帮助,您还可以查看以下链接。 http ://forum.spring.io/forum/spring-projects/security/35809-how-to-let-admin-to-force-user-to-logout
Also you can check the following link if it helps. http://forum.spring.io/forum/spring-projects/security/35809-how-to-let-admin-to-force-user-to-logout
这篇关于Spring安全删除用户 - 会话仍处于活动状态的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
