I have a web application that is secured totally by the Weblogic container. Now I have to list the currently logged in users. I have to use Spring Security 2.0.4 for that
我有一个完全由Weblogic容器保护的Web应用程序。现在我必须列出当前登录的用户。我必须使用Spring Security 2.0.4
In web.xml I defined the necessary listener and filter:
在web.xml中我定义了必要的监听器和过滤器:
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<listener>
<listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
</listener>
<filter>
<filter-name>Spring Security Filter Chain Proxy</filter-name>
<filter-class>org.springframework.security.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>org.springframework.security.util.FilterChainProxy</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Spring Security Filter Chain Proxy</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
After that I defined the beans as I understood this:
之后我按照我的理解定义了bean:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN 2.0//EN" "http://www.springframework.org/dtd/spring-beans-2.0.dtd">
<beans>
<bean id="filterChainProxy"
class="org.springframework.security.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionIntegrationFilter,logoutFilter,exceptionTranslationFilter,concurrencyFilter
</value>
</property>
</bean>
<bean id="httpSessionIntegrationFilter"
class="org.springframework.security.context.HttpSessionContextIntegrationFilter" />
<bean id="logoutFilter"
class="org.springframework.security.ui.logout.LogoutFilter">
<constructor-arg value="/logout.html" />
<!-- URL redirected to after logout -->
<constructor-arg>
<list>
<bean
class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
</list>
</constructor-arg>
<property name="filterProcessesUrl" value="/j_acegi_logout" />
</bean>
<bean name="concurrencyFilter" class="org.springframework.security.concurrent.ConcurrentSessionFilter">
<property name="sessionRegistry" ref="sessionRegistryBean"/>
<property name="expiredUrl" value="/session-expired.htm"/>
</bean>
<bean id="authenticationEntryPoint"
class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl">
<value>/</value>
</property>
</bean>
<bean id="exceptionTranslationFilter"
class="org.springframework.security.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint"
ref="authenticationEntryPoint" />
</bean>
<bean id="sessionRegistryBean" class="org.springframework.security.concurrent.SessionRegistryImpl">
</bean>
</beans>
Finally I wrote a simple JSP page that lists the users:
最后我写了一个简单的JSP页面,列出了用户:
<body>
<%
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(request.getSession().getServletContext());
ActiveSessions as = new ActiveSessions(appContext);
for(String u : as.getUsers()) {
%>
<ul><li><% out.println(u); %></li></ul>
<%
}
%>
</body>
And here is how my helper class tries to get the user list:
以下是我的帮助程序类如何尝试获取用户列表:
public List<String> getUsers() {
SessionRegistry sr = (SessionRegistry) a.getBean("sessionRegistryBean");
Object[] principals = sr.getAllPrincipals();
List<String> result = new ArrayList<String>();
for(int i = 0; i < principals.length; i++) {
SessionInformation[] sis = sr.getAllSessions(principals[i], false);
result.add(principals[i].toString());
logger.info("Adding entry: " + principals[i].toString() + ", sessions: " + sis.length);
}
return result;
}
Unfortunately all this doesn't work and I don't really know how to debug this. What I do is start using the applicaton (after the container-managed BASIC auth) and invoke the jsp page. The list is always empty.
不幸的是这一切都行不通,我真的不知道如何调试它。我所做的是开始使用应用程序(在容器管理的BASIC auth之后)并调用jsp页面。该列表始终为空。
2 个解决方案
#1
2
The problem with the above mentioned configuration is that none of the beans are responsible for putting data into the SessionRegistry. The session events are published in the application, but more beans are needed so that authentications be put into the registry, for example an AuthenticationManager should be configured. Without this the SessionRegistry stays always empty.
上述配置的问题在于没有bean负责将数据放入SessionRegistry。会话事件在应用程序中发布,但需要更多bean,以便将身份验证放入注册表,例如,应配置AuthenticationManager。如果没有这个,SessionRegistry将始终为空。
#2
1
This have be done here: http://krams915.blogspot.com/2010/12/spring-security-mvc-querying.html
这可以在这里完成:http://krams915.blogspot.com/2010/12/spring-security-mvc-querying.html
Enjoy :)
#1
2
The problem with the above mentioned configuration is that none of the beans are responsible for putting data into the SessionRegistry. The session events are published in the application, but more beans are needed so that authentications be put into the registry, for example an AuthenticationManager should be configured. Without this the SessionRegistry stays always empty.
上述配置的问题在于没有bean负责将数据放入SessionRegistry。会话事件在应用程序中发布,但需要更多bean,以便将身份验证放入注册表,例如,应配置AuthenticationManager。如果没有这个,SessionRegistry将始终为空。
#2
1
This have be done here: http://krams915.blogspot.com/2010/12/spring-security-mvc-querying.html
这可以在这里完成:http://krams915.blogspot.com/2010/12/spring-security-mvc-querying.html
Enjoy :)