我正在尝试更新或删除用户的会话。这是我的配置:
@Bean
public SessionRegistry sessionRegistry () {
return new SessionRegistryImpl();
}
@Bean
public ServletListenerRegistrationBean<HttpSessionEventPublisher> httpSessionEventPublisher() { //(5)
return new ServletListenerRegistrationBean<HttpSessionEventPublisher>(new HttpSessionEventPublisher());
}
@Override
protected void configure (HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("*.jsp").authenticated()
.and()
.formLogin().loginPage("/login.html")
.defaultSuccessUrl("/")
.failureUrl("/login.html?failed=1")
.usernameParameter("email").passwordParameter("password")
.and()
.logout().logoutUrl("/logout.html")
.and()
.logout().logoutSuccessUrl("/");
http.sessionManagement()
.maximumSessions(100)
.maxSessionsPreventsLogin(false)
.expiredUrl("/ejercicios-programacion/")
.sessionRegistry(sessionRegistry());
}
但是当我这样做时:
@Autowired
private SessionRegistry sessionRegistry;
private boolean isEmpty () {
return sessionRegistry.getAllPrincipals().isEmpty();
}
(很明显,我的课程是@Component,因此它是由Spring初始化的)
即使我在不同的浏览器窗口中以3个不同的用户身份登录,它也会返回true。为什么会这样?