springsecurity扩展自定义会话管理(二)提供管理员调用踢出用户
Spring Security 扩展自定义会话管理(二):提供管理员调用的踢出用户功能
配置文件和(一)相比基本没有修改,只是不再限制同一账号同时登录,所以把 maximumSessions 配置为 -1:
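<!--
  Concurrent-session controller bean, as changed for part (二).
  NOTE(review): the bean's class attribute and the start of its first property element
  were lost when this page was extracted; only id="currentController" and
  ref="sessionRegistry" survive. Take the class from part (一) of this series.
-->
<beans:bean id="currentController">
    <!-- presumably the "sessionRegistry" property (only the ref survived); confirm against part (一) -->
    <beans:property name="sessionRegistry" ref="sessionRegistry" />
    <beans:property name="exceptionIfMaximumExceeded" value="false" />
    <!--
      -1 removes the per-account limit on concurrent sessions. With no limit, a second login
      on the same account no longer displaces or blocks the first, so a shared or stolen
      credential produces no login conflict; the administrator's kick action becomes the
      only session control left.
    -->
    <beans:property name="maximumSessions" value="-1" />
</beans:bean>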
其实要列出当前登录的用户并踢出用户,调用 Spring Security 的
org.springframework.security.concurrent.SessionRegistryImpl
就可以满足要求了。当然,用这个类来做踢出用户的功能不是很好,不过也懒得去改它的源码了。由于 mini-web 的示例是 Struts2 的,所以我就简单地写了个 Action 去调用这个类;如果要用到公司的项目中,还要放到 controller 里面去才行。SessionAction.java:
package org.springside.examples.miniweb.web.user;?
import java.util.ArrayList;?
import java.util.List;?
import org.apache.struts2.config.ParentPackage;?
import org.apache.struts2.config.Result;?
import org.apache.struts2.config.Results;?
import org.apache.struts2.dispatcher.ServletActionRedirectResult;?
import org.springframework.security.concurrent.SessionInformation;?
import org.springframework.security.concurrent.SessionRegistry;?
import org.springside.modules.web.struts2.CRUDActionSupport;?
import org.springside.modules.web.struts2.SimpleActionSupport;?
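/**
 * Struts2 action that lists the login ids currently held in the Spring Security
 * {@link SessionRegistry} and expires every session of one chosen login id.
 *
 * <p>NOTE(review): nothing in this class checks who is calling it. Listing logged-in
 * accounts and expiring their sessions are privileged operations, so the URL this action
 * is mapped to must be restricted to administrators in the security configuration (not
 * shown on this page). {@link #destroy()} changes state from a request parameter; it
 * should only be reachable by POST with an anti-CSRF token, and each kick should be
 * written to an audit log with the acting administrator and the target login id.
 */
@ParentPackage("default")
@Results( { @Result(name = CRUDActionSupport.RELOAD, value = "/session", type = ServletActionRedirectResult.class) })
public class SessionAction extends SimpleActionSupport {

    // Result name returned by destroy(); presumably equal to CRUDActionSupport.RELOAD,
    // which the @Result mapping above uses -- confirm the two stay in sync.
    private static final String RELOAD = "reload";
    private static final long serialVersionUID = 8071034786218297672L;

    // Login id of the user to kick, populated through setLoginId.
    private String loginId;
    // Registry of live sessions, supplied through setSessionRegistry.
    private SessionRegistry sessionRegistry;
    // Login ids exposed to the view by list().
    List<String> loginIds;

    /**
     * Default entry point; delegates to {@link #list()}.
     *
     * @return the result name produced by {@link #list()}
     * @throws Exception if listing fails
     */
    public String execute() throws Exception {
        return list();
    }

    /**
     * Collects the login ids of all principals currently known to the session registry.
     *
     * <p>The list is always replaced, and is empty rather than {@code null} when nobody is
     * logged in, so the view never renders a stale value or one pushed in through
     * {@link #setLoginIds(List)}.
     *
     * @return {@code SUCCESS}
     * @throws Exception declared for the action contract
     */
    public String list() throws Exception {
        Object[] principals = sessionRegistry.getAllPrincipals();
        List<String> ids = new ArrayList<String>(principals == null ? 0 : principals.length);
        if (principals != null) {
            for (Object principal : principals) {
                // Assumes the registry stores principals as String login ids -- TODO confirm;
                // a principal of any other type fails this cast.
                ids.add((String) principal);
            }
        }
        loginIds = ids;
        return SUCCESS;
    }

    /**
     * Kicks a user: marks every non-expired session of {@code loginId} as expired.
     *
     * <p>{@code expireNow()} only flags the session information. In Spring Security the
     * concurrent-session filter acts on that flag when the user's next request arrives, so
     * the kick is not instantaneous, and it does not stop the user from logging in again.
     * To keep an account out, disable or lock it as well.
     *
     * @return {@code RELOAD}, which redirects back to the session list
     * @throws Exception declared for the action contract
     */
    public String destroy() throws Exception {
        // A missing or blank login id identifies nobody; skip the registry lookup.
        if (loginId == null || loginId.trim().length() == 0) {
            return RELOAD;
        }
        // false = do not include sessions that are already expired.
        SessionInformation[] sessions = sessionRegistry.getAllSessions(loginId, false);
        if (sessions != null) {
            for (SessionInformation session : sessions) {
                session.expireNow();
                // The entry is deliberately left in the registry: the author had a
                // removeSessionInformation(session.getSessionId()) call here and disabled it.
            }
        }
        return RELOAD;
    }

    /** @return the login id targeted by {@link #destroy()} */
    public String getLoginId() {
        return loginId;
    }

    /** @param loginId the login id whose sessions {@link #destroy()} should expire */
    public void setLoginId(String loginId) {
        this.loginId = loginId;
    }

    /** @return the login ids collected by the last {@link #list()} call */
    public List<String> getLoginIds() {
        return loginIds;
    }

    /** @param loginIds replacement list; overwritten by the next {@link #list()} call */
    public void setLoginIds(List<String> loginIds) {
        this.loginIds = loginIds;
    }

    /** @param sessionRegistry the session registry this action queries and updates */
    public void setSessionRegistry(SessionRegistry sessionRegistry) {
        this.sessionRegistry = sessionRegistry;
    }
}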