Spring Boot SessionRegistry返回主体的空列表 [英] Spring boot sessionRegistry returns empty list of principals
问题描述
我在Spring Boot应用程序中使用Spring Security来提供用户功能.我花了一些时间来寻找问题的答案,但只为使用基于xml的配置的人找到了解决方案.
I'm using spring security in my spring boot app to provide user functionality. I've spent quiet some time searching for an answer to the problem, but did only find solutions for people using xml-based configurations.
我的设置与此非常相似: http://www.baeldung.com/spring-security-track-logged-in-users (底部的替代方法).
My set-up is very similar to this: http://www.baeldung.com/spring-security-track-logged-in-users (alternative method at the bottom).
这是我的SecurityConfiguration:
This is my SecurityConfiguration:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin().defaultSuccessUrl("/home.html", true)
//.and().exceptionHandling().accessDeniedPage("/home")
.and().authorizeRequests().antMatchers("/editor").hasAnyAuthority("SUPERUSER")
.and().authorizeRequests().antMatchers("/editor").hasAnyAuthority("ADMIN")
.and().authorizeRequests().antMatchers("/").permitAll().anyRequest().authenticated()
.and().formLogin().loginPage("/login").permitAll()
.and().authorizeRequests().antMatchers("/static/**").permitAll()
.and().logout().permitAll().logoutSuccessUrl("/login").logoutUrl("/logout").deleteCookies("JSESSIONID")
.and().csrf().disable();
http.sessionManagement().invalidSessionUrl("/login").maximumSessions(1).sessionRegistry(sessionRegistry()).expiredUrl("/login");
}
这是我称之为sessionRegistry的地方:
This is where i call the sessionRegistry:
public List<String> getAllLoggedUsernames() {
final List<Object> allPrincipals = sessionRegistry.getAllPrincipals();
// System.out.println("All Principals: " + sessionRegistry.getAllPrincipals());
List<String> allUsernames = new ArrayList<String>();
System.out.println(allUsernames.size());
for (final Object principal : allPrincipals) {
if (principal instanceof SecUserDetails) {
final SecUserDetails user = (SecUserDetails) principal;
//Make sure the session is not expired --------------------------------------------------▼
List<SessionInformation> activeUserSessions = sessionRegistry.getAllSessions(principal, false);
if (!activeUserSessions.isEmpty()) {
allUsernames.add(user.getUsername());
System.out.println(user.getUsername());
}
}
}
return allUsernames;
}
现在,当我尝试获取当前登录的用户时,我会像这样正确获取它:
Now when I try to get the currently logged-in user i get it correctly like that:
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
String username = auth.getName();
通过以下方式将我的sessionRegistry定义为Bean:
My sessionRegistry is defined as a Bean the following way:
@Bean
public SessionRegistry sessionRegistry() {
return new SessionRegistryImpl();
}
我要说的是,我是通过类似这样的服务从控制器调用 getAllLoggedUsernames()的:
It is left to say that I call the getAllLoggedUsernames() from a controller via a service much like this:
@Autowired
private SecUserDetailService service;
然后在@RequestMapping函数中:
And later in a @RequestMapping function:
service.getAllLoggedUsernames();
无论实际登录了多少用户,那里收到的列表始终为空.
And the list received there is always empty, no matter how many users are actually logged in.
现在,从这里提出的其他问题中,我的猜测是,某种程度上我的应用程序被加载了两次,或者我的bean安装程序被弄乱了.我认为@Autowired不起作用,因为我认为服务需要某种上下文信息?
Now my guess from other questions asked here would be that somehow my application gets loaded twice or that my bean setup is messed up. I kind of think that the @Autowired does not work, since I think the Service needs some kind of context information?
尽管我真的是依赖注入的新手,所以要使所有内容正确都有些困难.
I'm really new to Dependency injection though, so it's kinda hard to get everything correct.
感谢您的任何帮助!
编辑-次要说明
推荐答案
已解决:出现类型错误,getAllLoggedUsers()方法中的if语句始终解析为false,因为Object不是我自己的UserDetails类的实例,但属于org.springframework.security.core.userdetails.User!
Solved: There was a type error, the if statement in the getAllLoggedUsers() method always resolved to false as the Object is not an instance of my own UserDetails class, but of org.springframework.security.core.userdetails.User!
这篇关于Spring Boot SessionRegistry返回主体的空列表的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
