1. 首页
  2. 问答
  3. 上网用户+的Acegi安全

上网用户+的Acegi安全

2011-02-27 38 views

回答

4

下面我谈论春天的安全性(因为Acegi的安全性现在是春天的安全性和我假定你使用spring-security)。而且我已经测试了最新版本的Spring Security的

搜索到这个配置:SessionRegistry

相关的:security-session-management

web.xml中

<listener> 
     <listener-class> 
      org.springframework.security.web.session.HttpSessionEventPublisher 
     </listener-class> 
</listener>

上spring security xml文件示例app-security.xml

关注安全性:会话管理,最后两个豆

<security:http auto-config="true"> 
     <security:intercept-url pattern="/user*" access="ROLE_ADMIN, ROLE_USER" /> 
     <security:intercept-url pattern="/user/register.html" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
     <security:intercept-url pattern="/user/activate.html*" access="IS_AUTHENTICATED_ANONYMOUSLY" />  
     <security:form-login login-page="/user/login.html" default-target-url="/index.html" authentication-failure-url="/user/login.html" /> 
     <security:session-management session-authentication-strategy-ref="sas" invalid-session-url="/index.html" /> 
     <security:remember-me data-source-ref="dataSource" /> 
     <security:logout logout-success-url="/user/logout.html" invalidate-session="false" /> 
</security:http> 

<bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/> 

<bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy"> 
     <constructor-arg name="sessionRegistry" ref="sessionRegistry" /> 
     <property name="maximumSessions" value="1" /> 
</bean>

然后在代码/控制器

@Autowired 
private SessionRegistryImpl sessionRegistry; 
... 
List<Object> allPrincipals = sessionRegistry.getAllPrincipals(); 
...

allPrincipals containts所有的在线用户

来源

2011-02-27 19:52:44 Kakawait

相关问题

 相关问题