如何存储会话ID并将它们与用户相关联 [英] How to store session Id's and associate them with user
问题描述
我有一个 CustomSecurityEventListener 来获得成功验证后的事件,并且 CustomHttpSessionListener 来设置最大非活动会话时间。 p>
类CustomSecurityEventListener实现ApplicationListener< AbstractAuthenticationEvent>,LogoutHandler {
def grailsApplication
def sessionRegistry
@Transactional
void onApplicationEvent(AbstractAuthenticationEvent event)throws AuthenticationException {
if(event instanceof AuthenticationSuccessEvent){
//用户审计操作
}
$ / code> 我想用Web界面实现会话管理器,管理员可以撤销它会话属于给定的用户。
| userName1 | JSESSIONID1234 |行动 - >撤销|
| userName2 | JSESSIONID4321 |行动 - >撤销|
您是否有任何adea如何通过使用自定义侦听器将sessionId与用户相关联(使用 sessionCreated(), sessionDestroyed()方法)并将用户会话对存储在例如。 activeSession集合。
我不想将sessionId作为Spring Security User类中的一个属性存储。
感谢您的提前。 我正在使用以下监听器代码在运行功能测试时清理会话。
不完全是您要查找的内容,而是 getAllPrincipals()如何从会话中获取用户(我使用':spring-security-core:1.2.7.3'创建了该代码)。
import static org.springframework.security.web.context.HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY
class SessionListener implements HttpSessionListener {
def session = [:]。asSynchronized()
$ b $ void sessionCreated(HttpSessionEvent se){
sessions.put(se.session.id,se.session)
$ b void sessionDestroyed(HttpSessionEvent se){
sessions.remove(se.session.id)
}
void invalidateSessions() {
def httpSessions = sessions.collect {String sessionId,HttpSession session - >
session
}
httpSessions.each {HttpSession session - >
session.invalidate()
}
}
def getAllPrincipals(){
def principals = []
sessions.each {String sessionId,HttpSession会话 - >
SecurityContext securityContext = session [SPRING_SECURITY_CONTEXT_KEY]
def authentication = securityContext?.authentication
principals<<认证?.principal
}
principals = principals.findAll {it!= null}
校长
}
}
I have a CustomSecurityEventListener to obtain event after successful authentication and CustomHttpSessionListener to set max inactive session time.
class CustomSecurityEventListener implements ApplicationListener<AbstractAuthenticationEvent>, LogoutHandler {
def grailsApplication
def sessionRegistry
@Transactional
void onApplicationEvent(AbstractAuthenticationEvent event) throws AuthenticationException {
if(event instanceof AuthenticationSuccessEvent){
// user auditing actions
}
}
I want to implement session manager with web interface where administrator will be able to revoke sessions belongs to the given user.
| userName1 | JSESSIONID1234 | action -> revoke |
| userName2 | JSESSIONID4321 | action -> revoke |
Do you have any adea how to associate sessionId with user by using Custom Listeners(using sessionCreated(), sessionDestroyed() methods) and store user-session pairs at in eg. "activeSession" collection.
I don't want to store sessionId as a property in the Spring Security User class.
Thanks in Advance.
I'm using the following listener code to cleanup sessions when running functional tests.
Not exactly what your are looking for but getAllPrincipals() shows how you get the user from the session (I created that code using ':spring-security-core:1.2.7.3').
import static org.springframework.security.web.context.HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY
class SessionListener implements HttpSessionListener {
def sessions = [:].asSynchronized()
void sessionCreated (HttpSessionEvent se) {
sessions.put(se.session.id, se.session)
}
void sessionDestroyed (HttpSessionEvent se) {
sessions.remove(se.session.id)
}
void invalidateSessions () {
def httpSessions = sessions.collect {String sessionId, HttpSession session ->
session
}
httpSessions.each { HttpSession session ->
session.invalidate()
}
}
def getAllPrincipals () {
def principals = []
sessions.each { String sessionId, HttpSession session ->
SecurityContext securityContext = session[SPRING_SECURITY_CONTEXT_KEY]
def authentication = securityContext?.authentication
principals << authentication?.principal
}
principals = principals.findAll {it != null}
principals
}
}
这篇关于如何存储会话ID并将它们与用户相关联的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
