如何让用户连接到我的网站 我使用spring + acegi
答案 0 :(得分:4)
下面我说的是spring-security(因为acegi-security现在是spring-security,我认为你使用了spring-security)。此外,我已使用最新版本的spring security
测试了此配置相关:security-session-management
在 web.xml 上
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher
</listener-class>
</listener>
在spring security xml文件示例 app-security.xml
上关注安全性:会话管理和最后两个bean
<security:http auto-config="true">
<security:intercept-url pattern="/user*" access="ROLE_ADMIN, ROLE_USER" />
<security:intercept-url pattern="/user/register.html" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/user/activate.html*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:form-login login-page="/user/login.html" default-target-url="/index.html" authentication-failure-url="/user/login.html" />
<security:session-management session-authentication-strategy-ref="sas" invalid-session-url="/index.html" />
<security:remember-me data-source-ref="dataSource" />
<security:logout logout-success-url="/user/logout.html" invalidate-session="false" />
</security:http>
<bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/>
<bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<constructor-arg name="sessionRegistry" ref="sessionRegistry" />
<property name="maximumSessions" value="1" />
</bean>
然后在代码/控制器
@Autowired
private SessionRegistryImpl sessionRegistry;
...
List<Object> allPrincipals = sessionRegistry.getAllPrincipals();
...
allPrincipals包含所有在线用户