SessionRegistry.getAllPrincipals() return empty list spring boot

时间:2018-08-03 11:28:17

标签: java spring spring-boot spring-security

I migrated my application from spring to spring boot. I left security configuration from spring and everything works fine. But Then I try to use getAllPrincipals() method from sessionRegistry bean it returns empty list even if there is logged users in application. Here my code for application configuration:

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.data.mongo.MongoDataAutoConfiguration;
import org.springframework.boot.autoconfigure.freemarker.FreeMarkerAutoConfiguration;
import org.springframework.boot.autoconfigure.mongo.MongoAutoConfiguration;
import org.springframework.boot.autoconfigure.web.servlet.HttpEncodingAutoConfiguration;
import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;

/**
 * Main class for Spring Boot
 */
@SpringBootApplication(exclude = {MongoAutoConfiguration.class, MongoDataAutoConfiguration.class,
        FreeMarkerAutoConfiguration.class, HttpEncodingAutoConfiguration.class, WebMvcAutoConfiguration.class})
public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}

And here is code for security configuration:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private final UserDetailsService userService;

    private final PasswordEncoder passwordEncoder;

    @Autowired
    public WebSecurityConfig(UserDetailsService userService, PasswordEncoder passwordEncoder) {
        this.userService = userService;
        this.passwordEncoder = passwordEncoder;
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService).passwordEncoder(passwordEncoder);
    }


    @Bean
    SessionRegistry sessionRegistry() {
        return new SessionRegistryImpl();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.httpBasic()
                .and().authorizeRequests().antMatchers("/resetPassword/**").permitAll()
                .and().authorizeRequests().antMatchers(HttpMethod.GET, "/**").authenticated()
                .and().authorizeRequests().antMatchers(HttpMethod.POST, "/**").authenticated()
                .and().authorizeRequests().antMatchers(HttpMethod.PUT, "/**").authenticated()
                .and().authorizeRequests().antMatchers(HttpMethod.DELETE, "/**").authenticated()
                .and().csrf().disable();
    }
}

///////////////////////

public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer { }

///////////////

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {

    private final AccessibleResourceRepository accessibleResourceRepository;

    @Autowired
    public MethodSecurityConfig(AccessibleResourceRepository accessibleResourceRepository) {
        this.accessibleResourceRepository = accessibleResourceRepository;
    }

    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        CustomPermissionEvaluator permissionEvaluator = new CustomPermissionEvaluator(accessibleResourceRepository);
        DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
        expressionHandler.setPermissionEvaluator(permissionEvaluator);
        return expressionHandler;
    }
}

Here is code where I try to use SessionRegistry:

@Component
public class SessionUtils {

    private final SessionRegistry sessionRegistry;

    @Autowired
    public SessionUtils(SessionRegistry sessionRegistry) {
        this.sessionRegistry = sessionRegistry;
    }

    public void expireUserSessions(String username) {
        System.out.println(sessionRegistry.getAllPrincipals().size());//always 0
        sessionRegistry.getAllPrincipals().forEach(it-> System.out.println(it));
        for (Object principal : sessionRegistry.getAllPrincipals()) {
            if (principal instanceof User) {
                UserDetails userDetails = (UserDetails) principal;
                System.out.println("user details " + userDetails);
                if (userDetails.getUsername().equals(username)) {
                    for (SessionInformation information : sessionRegistry.getAllSessions(userDetails, true)) {
                        information.expireNow();
                    }
                }
            }
        }
    }
}

Does anyone know that is the problem?

0 个答案:

没有答案