我有一个完全由Weblogic容器保护的Web应用程序。现在我必须列出当前登录的用户。我必须使用Spring Security 2.0.4
在web.xml中,我定义了必要的监听器和过滤器:
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<listener>
<listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
</listener>
<filter>
<filter-name>Spring Security Filter Chain Proxy</filter-name>
<filter-class>org.springframework.security.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>org.springframework.security.util.FilterChainProxy</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Spring Security Filter Chain Proxy</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
之后我按照我的理解定义了bean:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN 2.0//EN" "http://www.springframework.org/dtd/spring-beans-2.0.dtd">
<beans>
<bean id="filterChainProxy"
class="org.springframework.security.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionIntegrationFilter,logoutFilter,exceptionTranslationFilter,concurrencyFilter
</value>
</property>
</bean>
<bean id="httpSessionIntegrationFilter"
class="org.springframework.security.context.HttpSessionContextIntegrationFilter" />
<bean id="logoutFilter"
class="org.springframework.security.ui.logout.LogoutFilter">
<constructor-arg value="/logout.html" />
<!-- URL redirected to after logout -->
<constructor-arg>
<list>
<bean
class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
</list>
</constructor-arg>
<property name="filterProcessesUrl" value="/j_acegi_logout" />
</bean>
<bean name="concurrencyFilter" class="org.springframework.security.concurrent.ConcurrentSessionFilter">
<property name="sessionRegistry" ref="sessionRegistryBean"/>
<property name="expiredUrl" value="/session-expired.htm"/>
</bean>
<bean id="authenticationEntryPoint"
class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl">
<value>/</value>
</property>
</bean>
<bean id="exceptionTranslationFilter"
class="org.springframework.security.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint"
ref="authenticationEntryPoint" />
</bean>
<bean id="sessionRegistryBean" class="org.springframework.security.concurrent.SessionRegistryImpl">
</bean>
</beans>
最后,我写了一个简单的JSP页面,列出了用户:
<body>
<%
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(request.getSession().getServletContext());
ActiveSessions as = new ActiveSessions(appContext);
for(String u : as.getUsers()) {
%>
<ul><li><% out.println(u); %></li></ul>
<%
}
%>
</body>
以下是我的助手类试图获取用户列表的方式:
public List<String> getUsers() {
SessionRegistry sr = (SessionRegistry) a.getBean("sessionRegistryBean");
Object[] principals = sr.getAllPrincipals();
List<String> result = new ArrayList<String>();
for(int i = 0; i < principals.length; i++) {
SessionInformation[] sis = sr.getAllSessions(principals[i], false);
result.add(principals[i].toString());
logger.info("Adding entry: " + principals[i].toString() + ", sessions: " + sis.length);
}
return result;
}
不幸的是,所有这些都不起作用,我真的不知道如何调试它。我所做的是开始使用应用程序(在容器管理的BASIC auth之后)并调用jsp页面。该列表始终为空。
答案 0 :(得分:2)
上述配置的问题是没有任何bean负责将数据放入SessionRegistry
。会话事件在应用程序中发布,但需要更多bean,以便将身份验证放入注册表,例如应配置AuthenticationManager
。如果没有这个,SessionRegistry
总是空着。
答案 1 :(得分:1)