Spring安全SessionRegistry和基于bean的配置问题

时间:2012-09-05 20:22:55

标签: spring session spring-security

我正在使用Spring Security 3.0.5并尝试获取当前登录用户的数量。我的场景是Pre-Authenticated并使用基于bean的配置而不是<http>基于命名空间的配置(在这种情况下,这似乎是微不足道的。

我的配置文件如下:

    <beans:bean id="springSecurityFilterChain"
    class="org.springframework.security.web.FilterChainProxy">
    <filter-chain-map path-type="ant">
        <filter-chain pattern="/**/resources/**" filters="none" />
        <filter-chain pattern="/**/logout/**" filters="none" />
        <filter-chain pattern="/service/**" filters="none" />
        <filter-chain pattern="/**"
            filters="sif,concurrencyFilter,shibbolethFilter,smf,logoutFilter,etf,fsi" />

    </filter-chain-map>
</beans:bean>

<beans:bean id="sif"
    class="org.springframework.security.web.context.SecurityContextPersistenceFilter" />

<beans:bean id="scr"
    class="org.springframework.security.web.context.HttpSessionSecurityContextRepository" />

<beans:bean id="smf"
    class="org.springframework.security.web.session.SessionManagementFilter">
    <beans:constructor-arg name="securityContextRepository"
        ref="scr" />
    <beans:property name="sessionAuthenticationStrategy"
        ref="sas" />
</beans:bean>

<beans:bean id="shibbolethFilter"
    class="PreAuthenticatedShibbolethAuthenticationFilter">
    <beans:property name="authenticationManager" ref="authenticationManager" />
    <beans:property name="exceptionIfHeaderMissing" value="true" />
    <beans:property name="continueFilterChainOnUnsuccessfulAuthentication"
        value="true" />
    <beans:property name="developmentMode" value="true" />
    <beans:property name="authenticationSuccessHandler"
        ref="customAuthenticationSuccessHandlerBean" />
</beans:bean>

<beans:bean id="sas"
    class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
    <beans:constructor-arg name="sessionRegistry"
        ref="sessionRegistry" />
    <beans:property name="maximumSessions" value="1" />
</beans:bean>

<beans:bean id="sessionRegistry"
    class="org.springframework.security.core.session.SessionRegistryImpl" />

<beans:bean id="concurrencyFilter"
    class="org.springframework.security.web.session.ConcurrentSessionFilter">
    <beans:property name="sessionRegistry" ref="sessionRegistry" />
    <beans:property name="expiredUrl" value="/session-expired.html" />
</beans:bean>

<authentication-manager alias="authenticationManager">
    <authentication-provider ref='preauthAuthProvider' />
</authentication-manager>

<beans:bean id="preauthAuthProvider"
    class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
    <beans:property name="preAuthenticatedUserDetailsService">
        <beans:bean id="userDetailsServiceWrapper"
            class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
            <beans:property name="userDetailsService" ref="userDetailsService" />
        </beans:bean>
    </beans:property>
</beans:bean>

<beans:bean id="logoutHandlerBean"
    class="LogoutSuccessHandlerImpl" />

<beans:bean id="userDetailsService"
    class="CustomJdbcDaoImpl">
    <beans:property name="dataSource" ref="projectDS" />
    <beans:property name="enableGroups" value="true" />
    <beans:property name="enableAuthorities" value="false" />
</beans:bean>

在我的控制器中,我有以下代码:

  

@Resource(名称= “的SessionRegistry”)       私人SessionRegistry sessionReg;

private void doTest() {
    List<Object> principals = sessionReg.getAllPrincipals();
    for (Object o : principals) {
        List<SessionInformation> siList = sessionReg.getAllSessions(o,
                true);
        for (SessionInformation si : siList) {
            logger.error(si.getSessionId() + " " + si.getPrincipal());
        }
    }
}

列表principals始终为空。我觉得PreAuthenticatedShibbolethAuthenticationFilter extends过滤器AbstractPreAuthenticatedProcessingFilter ref应该ConcurrentSessionControlStrategy到{{1}},但是,没有这样的属性可以设置。

我错过了什么?

1 个答案:

答案 0 :(得分:0)

SecurityContextPersistenceFilter需要SecurityContextRespository

<bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter" >
<property name="securityContextRepository" ref="scr" />
</bean>