我无法获得在线用户列表是春季安全

Question

我无法获得在线用户列表。

@Override
public void configure(HttpSecurity http) throws Exception {
    http
        .httpBasic()
            .realmName("GlxssSecurity")
            .and()
        .requestMatchers()
            .antMatchers("/oauth/authorize")
            .and()
        .authorizeRequests()
            .antMatchers("/oauth/authorize").authenticated()
            .and()
        .sessionManagement()
            .maximumSessions(1)
            .sessionRegistry(sessionRegistry());
}

@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
}

@Bean
public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
    return new SecurityEvaluationContextExtension();
}

@Bean
public SessionRegistry sessionRegistry () {
    return new SessionRegistryImpl();
}

@Bean
public ServletListenerRegistrationBean<HttpSessionEventPublisher> httpSessionEventPublisher() {
    return new ServletListenerRegistrationBean<HttpSessionEventPublisher>(new HttpSessionEventPublisher());
}

@Autowired
private  SessionRegistry sessionRegistry;

public List getAdminUsers(){
    List<Object> list = sessionRegistry.getAllPrincipals();
    log.info(list.toString());
    return list;
}

Answer 1

@Bean
public HandshakeInterceptor handsUserInterceptor() {

    return new HandshakeInterceptor() {
        @Override
        public boolean beforeHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Map<String, Object> map) throws Exception {
            if (request instanceof ServletServerHttpRequest) {
                ServletServerHttpRequest servletRequest = (ServletServerHttpRequest) request;
                Principal principal = request.getPrincipal();
                User user= userService.getUserWithAuthoritiesByLogin(principal.getName()).get();
                for (Authority authority : user.getAuthorities()) {
                    if ("ROLE_ADMIN".equals(authority.getName())){
                        SecurityUtils.getLoginAdminUsers().add(user);
                        break;
                    }
                }
            }
            return true;
        }

        @Override
        public void afterHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Exception exception) {

        }
    };
}

我这样解决了，但他并没有完全符合规范。