GRAILS:如何通过 spring 安全核心插件获取当前登录用户的数量? [英] GRAILS: how to get the number of currently signed in users via spring security core plugin?
问题描述
我的问题是,我想限制可以同时登录我的应用程序的用户数量(该值存储在数据库中).首先,我尝试使用 tomcat 或其他 Web 容器中的一些配置来执行此操作-但是存在问题,如果用户未登录,也会使用会话(显示登录页面也需要在 tomcat 中使用会话).. 所以我需要检查有多少用户真正"登录.我发现了很多 acegi 插件的代码示例,但对 springsecurity 核心插件没有什么帮助.
my problem is, that i want to limit the number of users that can simultaneously be logged in my application (this value is stored in the database). first i tried to do that with some configuration in tomcat or other web containers - but there´s the problem, that a session is used also if a user is not logged in (displaying the login page also needs a session in tomcat)... so i need to check how many users are "really" logged in. i´ve found quite a lot code examples for the acegi plugin, but nothing really helpful about the springsecurity core plugin.
到目前为止我的片段:
在 resources.groovy 中,我定义了我的 bean:
in resources.groovy i´ve defined my beans:
beans = {
sessionRegistry(org.springframework.security.concurrent.SessionRegistryImpl)
concurrentSessionController(org.springframework.security.concurrent.ConcurrentSessionControllerImpl) {
sessionRegistry = ref('sessionRegistry')
maximumSessions = -1
}
}
在 BootStrap.groovy 中,init 的请求是:
in BootStrap.groovy the begging of the init is :
class BootStrap {
def springSecurityService
def authenticationManager
def concurrentSessionController
def securityContextPersistenceFilter
def init = { servletContext ->
authenticationManager.sessionController = concurrentSessionController
...
并在 Config.groovy 中添加:
and in Config.groovy i´ve added :
grails.plugins.springsecurity.providerNames = ['concurrentSessionController', 'daoAuthenticationProvider', 'anonymousAuthenticationProvider', 'rememberMeAuthenticationProvider']
但是一旦应用程序启动(grails run-app),它就会崩溃,当它尝试配置 SpringSecury 时:
but then as soon as the application starts (grails run-app), it crashes, when it tries to configure the SpringSecury :
...
Running Grails application..
Configuring Spring Security ...
Application context shutting down...
Application context shutdown.
limepix@turbo:~/develop/testproject$
我已经为我的应用程序配置了日志记录 - 我的日志文件中的内容/最后一个条目是:
i have configured logging for my application - the content / the last entry in my logfile is:
2011-07-11 11:19:43,071 [main] ERROR context.GrailsContextLoader - Error executing bootstraps: No bean named 'concurrentSessionController' is defined
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'concurrentSessionController' is defined
at SpringSecurityCoreGrailsPlugin$_createBeanList_closure22.doCall(SpringSecurityCoreGrailsPlugin.groovy:648)
at SpringSecurityCoreGrailsPlugin.createBeanList(SpringSecurityCoreGrailsPlugin.groovy:648)
at SpringSecurityCoreGrailsPlugin.this$2$createBeanList(SpringSecurityCoreGrailsPlugin.groovy)
at SpringSecurityCoreGrailsPlugin$_closure4.doCall(SpringSecurityCoreGrailsPlugin.groovy:581)
at org.grails.tomcat.TomcatServer.start(TomcatServer.groovy:212)
at grails.web.container.EmbeddableServer$start.call(Unknown Source)
at _GrailsRun_groovy$_run_closure5_closure12.doCall(_GrailsRun_groovy:158)
at _GrailsRun_groovy$_run_closure5_closure12.doCall(_GrailsRun_groovy)
at _GrailsSettings_groovy$_run_closure10.doCall(_GrailsSettings_groovy:280)
at _GrailsSettings_groovy$_run_closure10.call(_GrailsSettings_groovy)
at _GrailsRun_groovy$_run_closure5.doCall(_GrailsRun_groovy:149)
at _GrailsRun_groovy$_run_closure5.call(_GrailsRun_groovy)
at _GrailsRun_groovy.runInline(_GrailsRun_groovy:116)
at _GrailsRun_groovy.this$4$runInline(_GrailsRun_groovy)
at _GrailsRun_groovy$_run_closure1.doCall(_GrailsRun_groovy:59)
at RunApp$_run_closure1.doCall(RunApp.groovy:33)
at gant.Gant$_dispatch_closure5.doCall(Gant.groovy:381)
at gant.Gant$_dispatch_closure7.doCall(Gant.groovy:415)
at gant.Gant$_dispatch_closure7.doCall(Gant.groovy)
at gant.Gant.withBuildListeners(Gant.groovy:427)
at gant.Gant.this$2$withBuildListeners(Gant.groovy)
at gant.Gant$this$2$withBuildListeners.callCurrent(Unknown Source)
at gant.Gant.dispatch(Gant.groovy:415)
at gant.Gant.this$2$dispatch(Gant.groovy)
at gant.Gant.invokeMethod(Gant.groovy)
at gant.Gant.executeTargets(Gant.groovy:590)
at gant.Gant.executeTargets(Gant.groovy:589)
也许有人可以指点我一些文档、示例,或者可以直接告诉我,如何获取当前登录的用户数.
maybe someone can point me to some docs, examples or can directly tell me, how to get the number of currently signed in users.
来自德国纽伦堡的问候
limepix
推荐答案
感谢您的回答!现在我明白了...
Thanks for your answer! Now i got it...
我采取的步骤是:
定义 bean:
import org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy
import org.springframework.security.web.session.ConcurrentSessionFilter
import org.springframework.security.core.session.SessionRegistryImpl
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy
beans = {
sessionRegistry(SessionRegistryImpl)
sessionAuthenticationStrategy(ConcurrentSessionControlStrategy, sessionRegistry) {
maximumSessions = -1
}
concurrentSessionFilter(ConcurrentSessionFilter){
sessionRegistry = sessionRegistry
expiredUrl = '/login/concurrentSession'
}
}
然后在我的控制器中注入:
then in my controller i injected:
class SystemController {
def sessionRegistry
并检查当前正在使用的会话数:
and the check, how many sessions are currently in use:
def sessioncount = {
def cnt = 0
sessionRegistry.getAllPrincipals().each{
cnt += sessionRegistry.getAllSessions(it, false).size()
}
render cnt
}
必须执行的其他步骤:
- 从 grails 安装模板(grails install-templates)
向 web.xml 添加监听器:
- install templates from grails (grails install-templates)
add listener to web.xml:
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
现在它起作用了!
太好了!:)
(现在下一步是 - 定义一个事件侦听器(当用户登录时)检查许可证(会话)的数量并允许或拒绝访问他.但我认为这不是那么棘手......我们'我会看到...)
(now the next steps are - defining an eventlistener (when the user logs in) check the number of licenses(sessions) and permit or deny access to him. but i think that´s not that tricky... we´ll see...)
这篇关于GRAILS:如何通过 spring 安全核心插件获取当前登录用户的数量?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
