2011-02-27 81 views

回答

4

下面我談論春天的安全性(因爲Acegi的安全性現在是春天的安全性和我假定你使用spring-security)。而且我已經測試了最新版本的Spring Security的


搜索到這個配置:SessionRegistry

相關的:security-session-management

web.xml中

<listener> 
     <listener-class> 
      org.springframework.security.web.session.HttpSessionEventPublisher 
     </listener-class> 
</listener> 

上spring security xml文件示例app-security.xml

關注安全性:會話管理,最後兩個豆

<security:http auto-config="true"> 
     <security:intercept-url pattern="/user*" access="ROLE_ADMIN, ROLE_USER" /> 
     <security:intercept-url pattern="/user/register.html" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
     <security:intercept-url pattern="/user/activate.html*" access="IS_AUTHENTICATED_ANONYMOUSLY" />  
     <security:form-login login-page="/user/login.html" default-target-url="/index.html" authentication-failure-url="/user/login.html" /> 
     <security:session-management session-authentication-strategy-ref="sas" invalid-session-url="/index.html" /> 
     <security:remember-me data-source-ref="dataSource" /> 
     <security:logout logout-success-url="/user/logout.html" invalidate-session="false" /> 
</security:http> 

<bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/> 

<bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy"> 
     <constructor-arg name="sessionRegistry" ref="sessionRegistry" /> 
     <property name="maximumSessions" value="1" /> 
</bean> 

然後在代碼/控制器

@Autowired 
private SessionRegistryImpl sessionRegistry; 
... 
List<Object> allPrincipals = sessionRegistry.getAllPrincipals(); 
... 

allPrincipals containts所有的在線用戶