I migrated my application from spring to spring boot. I left security configuration from spring and everything works fine. But Then I try to use getAllPrincipals() method from sessionRegistry bean it returns empty list even if there is logged users in application. Here my code for application configuration:
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.data.mongo.MongoDataAutoConfiguration;
import org.springframework.boot.autoconfigure.freemarker.FreeMarkerAutoConfiguration;
import org.springframework.boot.autoconfigure.mongo.MongoAutoConfiguration;
import org.springframework.boot.autoconfigure.web.servlet.HttpEncodingAutoConfiguration;
import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
/**
* Main class for Spring Boot
*/
@SpringBootApplication(exclude = {MongoAutoConfiguration.class, MongoDataAutoConfiguration.class,
FreeMarkerAutoConfiguration.class, HttpEncodingAutoConfiguration.class, WebMvcAutoConfiguration.class})
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
And here is code for security configuration:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private final UserDetailsService userService;
private final PasswordEncoder passwordEncoder;
@Autowired
public WebSecurityConfig(UserDetailsService userService, PasswordEncoder passwordEncoder) {
this.userService = userService;
this.passwordEncoder = passwordEncoder;
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userService).passwordEncoder(passwordEncoder);
}
@Bean
SessionRegistry sessionRegistry() {
return new SessionRegistryImpl();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic()
.and().authorizeRequests().antMatchers("/resetPassword/**").permitAll()
.and().authorizeRequests().antMatchers(HttpMethod.GET, "/**").authenticated()
.and().authorizeRequests().antMatchers(HttpMethod.POST, "/**").authenticated()
.and().authorizeRequests().antMatchers(HttpMethod.PUT, "/**").authenticated()
.and().authorizeRequests().antMatchers(HttpMethod.DELETE, "/**").authenticated()
.and().csrf().disable();
}
}
///////////////////////
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer { }
///////////////
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
private final AccessibleResourceRepository accessibleResourceRepository;
@Autowired
public MethodSecurityConfig(AccessibleResourceRepository accessibleResourceRepository) {
this.accessibleResourceRepository = accessibleResourceRepository;
}
@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
CustomPermissionEvaluator permissionEvaluator = new CustomPermissionEvaluator(accessibleResourceRepository);
DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
expressionHandler.setPermissionEvaluator(permissionEvaluator);
return expressionHandler;
}
}
Here is code where I try to use SessionRegistry:
@Component
public class SessionUtils {
private final SessionRegistry sessionRegistry;
@Autowired
public SessionUtils(SessionRegistry sessionRegistry) {
this.sessionRegistry = sessionRegistry;
}
public void expireUserSessions(String username) {
System.out.println(sessionRegistry.getAllPrincipals().size());//always 0
sessionRegistry.getAllPrincipals().forEach(it-> System.out.println(it));
for (Object principal : sessionRegistry.getAllPrincipals()) {
if (principal instanceof User) {
UserDetails userDetails = (UserDetails) principal;
System.out.println("user details " + userDetails);
if (userDetails.getUsername().equals(username)) {
for (SessionInformation information : sessionRegistry.getAllSessions(userDetails, true)) {
information.expireNow();
}
}
}
}
}
}
Does anyone know that is the problem?