springSecurity查看在线用户和下线用户
2016-07-07 00:35
627 查看
其中文章
2.要查看用户session列表,直接使用mongoSessionInfoRepo去查就可以.
3.下线用户(踢出用户).只需要将过期设置true就可以,用户下次请求就会被登出.
package org.exam.security; import org.exam.config.Constants; import org.exam.domain.doc.SessionInfo; import org.exam.repository.mongo.MongoSessionInfoRepo; import org.springframework.context.ApplicationListener; import org.springframework.data.mongodb.core.MongoTemplate; import org.springframework.security.core.session.SessionDestroyedEvent; import org.springframework.security.core.session.SessionInformation; import org.springframework.security.core.session.SessionRegistry; import org.springframework.security.core.userdetails.UserDetails; import java.util.ArrayList; import java.util.Date; import java.util.List; public class SessionRegistryImpl implements SessionRegistry, ApplicationListener<SessionDestroyedEvent> { private final MongoSessionInfoRepo mongoSessionInfoRepo; private final MongoTemplate mongoTemplate; private static final String C_SESSION_INFO = Constants.TABLE_PREFIX + "session_info"; public SessionRegistryImpl(MongoSessionInfoRepo mongoSessionInfoRepo, MongoTemplate mongoTemplate) { this.mongoSessionInfoRepo = mongoSessionInfoRepo; this.mongoTemplate = mongoTemplate; } private String getUid(Object principal) { return (principal instanceof UserDetails) ? ((UserDetails) principal).getUsername() : principal.toString(); } @SuppressWarnings("unchecked") @Override public List<Object> getAllPrincipals() { return mongoTemplate.getCollection(C_SESSION_INFO).distinct("uid"); } @Override public List<SessionInformation> getAllSessions(Object principal, boolean includeExpiredSessions) { String uid = getUid(principal); Iterable<SessionInfo> list = includeExpiredSessions ? mongoSessionInfoRepo.findByUid(uid) : mongoSessionInfoRepo.findByUidAndExpired(uid, false); List<SessionInformation> result = new ArrayList<>(); for (SessionInfo info : list) { result.add(new SessionInformation(info.getUid(), info.getSid(), info.getLastRequest())); } return result; } @Override public SessionInformation getSessionInformation(String sessionId) { SessionInfo info = mongoSessionInfoRepo.findBySid(sessionId); if (info != null) { SessionInformation information = new SessionInformation(info.getUid(), info.getSid(), info.getLastRequest()); if (info.isExpired()) { information.expireNow(); } return information; } else { return null; } } @Override public void refreshLastRequest(String sessionId) { SessionInfo info = mongoSessionInfoRepo.findBySid(sessionId); info.setLastRequest(new Date()); mongoSessionInfoRepo.save(info); } @Override public void registerNewSession(String sessionId, Object principal) { SessionInfo info = new SessionInfo(); info.setSid(sessionId); info.setUid(getUid(principal)); info.setLastRequest(new Date()); info.setExpired(false); mongoSessionInfoRepo.save(info); } @Override public void removeSessionInformation(String sessionId) { mongoSessionInfoRepo.deleteBySid(sessionId); } @Override public void onApplicationEvent(SessionDestroyedEvent event) { removeSessionInformation(event.getId()); } }
@Document(collection = Constants.TABLE_PREFIX + "session_info") public class SessionInfo implements Serializable { //objectId private String id; //sessionId private String sid; //用户标识:比如登录只有用户名,那么用户名也可以作为用户标识 private String uid; private Date lastRequest = new Date(); private boolean expired = false; //setter,getter略 }
@NoRepositoryBean public interface MongoBaseRepo<T extends Serializable> extends PagingAndSortingRepository<T, String>, QueryDslPredicateExecutor<T> { }
public interface MongoSessionInfoRepo extends MongoBaseRepo<SessionInfo> { SessionInfo findBySid(String sid); List<SessionInfo> findByUid(String uid); List<SessionInfo> findByUidAndExpired(String uid, boolean expired); void deleteBySid(String sid); }
2.要查看用户session列表,直接使用mongoSessionInfoRepo去查就可以.
3.下线用户(踢出用户).只需要将过期设置true就可以,用户下次请求就会被登出.
@RequestMapping("logout") public String logout(String sid) { SessionInfo info = mongoSessionInfoRepo.findBySid(sid); info.setExpired(true); mongoSessionInfoRepo.save(info); return "session/list"; }
相关文章推荐
- SpringMVC解决多人开发路径可能重复的问题
- java并发机制之volatile详解
- Java 泛型 协变性、逆变性
- SpringMVC如何接受POST请求中的json参数
- SpringMVC 通过post接收form参数或者json参数
- 线程池
- hibernate缓存机制(三)
- 扩展SpringMVC以支持绑定JSON格式的请求参数
- spring security开篇
- Spring AOP 源码分析 part4 :拦截器的实现
- Spring注解@Component、@Repository、@Service、@Controlle
- 前序中序求后序的java算法
- Java 包装类和基本类 直接 默认值
- Quartz实现定时任务的配置方法(纯java作业调度框架)
- Java Socket编程
- 注释驱动的 Spring cache 缓存介绍
- 用maven快速搭建spring mvc的web项目(配置到jackson 和 任务调度)
- java发送邮件方法
- [Android]eclipse NDK配置20160706
- spring事务