我的系统中有两个角色:用户和管理员
管理员可以按名称注销任何用户。
我该怎么做? 我需要这样的东西:
service.logoutUser(anotherUserName)
config看起来像这样:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers
....
.formLogin()
.loginProcessingUrl("/api/login")
.successHandler(authenticationSuccessHandler)
.failureHandler(new SimpleUrlAuthenticationFailureHandler())
.and()
.rememberMe()
.key("...")
.rememberMeCookieName("...")
.userDetailsService(userDetailsService)
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.and()
.logout()
.deleteCookies("JSESSIONID")
.logoutUrl("/logout")
.logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())
.permitAll();
答案 0 :(得分:2)
这样的事情:
import org.springframework.security.core.userdetails.User;
...
...
Set<SimpleGrantedAuthority> userRoles = new HashSet<>();
userRoles.add(new SimpleGrantedAuthority("ROLE_USER"));
User user = new User(anotherUserName, "", userRoles);
List<SessionInformation> sessions = sessionRegistry.getAllSessions(u, false);
for(SessionInformation info : infos) {
info.expireNow();
}