spring mvc sessionregistry返回主体的空列表

brtdzjyr  于 2021-07-23  发布在  Java
关注(0)|答案(1)|浏览(456)

为了更改经过身份验证的用户的权限,我需要检索所有这些用户,因此我使用了sessionregistry,如下链接所示。
但是 sessionRegistry.getAllPrincipals() 方法返回空列表。
我的项目配置如下:
web.xml文件:

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">
    <display-name>loyfeey</display-name>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring-servlet.xml</param-value>
    </context-param>
    <!-- <context-param> <param-name>contextConfigLocation</param-name> <param-value>com.mkyong.web.config</param-value> 
        </context-param> -->
    <listener>
        <listener-class>
            org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    </listener>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <servlet>
        <servlet-name>spring</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>throwExceptionIfNoHandlerFound</param-name>
            <param-value>true</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>spring</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <filter>
        <filter-name>encodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
            <param-name>forceEncoding</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>encodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <error-page>
        <location>/errors</location>
    </error-page>

    <session-config>
        <session-timeout>30</session-timeout>
        <cookie-config>
            <!-- if true then browser script won't be able to access the cookie -->
            <http-only>false</http-only>
            <!--!if true then the cookie will be sent only over HTTPS connection -->
            <secure>false</secure>
        </cookie-config>
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>
</web-app>

Web安全配置适配器

@Configuration
@EnableWebSecurity
@Transactional
@Service
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CompteDetailsService compteDetailsService;

    @Autowired
    private IMatcherService matcherDetailsService;

    @Autowired
    private CustomLogoutSuccessHandler logoutSuccessHandler;

    @Bean
    public SessionRegistry sessionRegistry() {
        return new SessionRegistryImpl();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

        auth.userDetailsService(compteDetailsService).passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.csrf().disable();

        http.authorizeRequests().antMatchers(/*some paths*/).permitAll();

        http.authorizeRequests().antMatchers("/**").access("hasRole('ROLE_ADMIN')");

        List<Matcher> matchers = matcherDetailsService.getMatchersConfig();

        for (Matcher matcher : matchers) {
            http.authorizeRequests()//
                    .antMatchers("/" + matcher.getPath())//
                    .hasAnyAuthority(matcher.getPermission().toString());

        }
        http.authorizeRequests().anyRequest().denyAll();

        http.authorizeRequests().and().formLogin()
                .loginProcessingUrl("/login") 
                .loginPage("/")
                .defaultSuccessUrl("/authentification/successful")
                .failureUrl("/?error=true")
                .usernameParameter("login")
                .passwordParameter("password");

        http.authorizeRequests().and().logout()
                .logoutUrl("/authentification/logout")
                 .logoutSuccessUrl("/");
                .logoutSuccessHandler(logoutSuccessHandler);

   http.authorizeRequests().and().exceptionHandling().accessDeniedPage("/authentification/accessDenied");
        SessionRegistry sr = sessionRegistry();

        http.sessionManagement().maximumSessions(1).sessionRegistry(sessionRegistry());
    }
}

如果有人能帮我找出我遗漏了什么

bxfogqkk

bxfogqkk1#

感谢@m。为了他的回答,我分开了 spring-servlet.xml 分为两个文件: spring-context.xml 以及 spring-servlet.xml 如下图所示:
web.xml文件:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">
    <display-name>loyfeey</display-name>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring-context.xml</param-value>
    </context-param>
    <!-- <context-param> <param-name>contextConfigLocation</param-name> <param-value>com.mkyong.web.config</param-value> 
        </context-param> -->
    <listener>
        <listener-class>
            org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    </listener>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <servlet>
        <servlet-name>spring</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring-servlet.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>spring</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <filter>
        <filter-name>encodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
            <param-name>forceEncoding</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>encodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <error-page>
        <location>/errors</location>
    </error-page>

    <session-config>
        <session-timeout>30</session-timeout>
        <cookie-config>
            <!-- if true then browser script won't be able to access the cookie -->
            <http-only>false</http-only>
            <!--!if true then the cookie will be sent only over HTTPS connection -->
            <secure>false</secure>
        </cookie-config>
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>
</web-app>

相关问题