I can't seem to find how to get a reference to the Spring Security (V3) SessionRegistry inside of a Struts action.
I've configured the listener inside of my web.xml file:
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
And I've tried to use the @Autowired annotation to bring it into an action:
@Autowired
private SessionRegistry sessionRegistry;
@Override
public String execute() throws Exception {
numberOfUsersLoggedin= sessionRegistry.getAllPrincipals().size();
return SUCCESS;
}
public SessionRegistry getSessionRegistry() {
return sessionRegistry;
}
public void setSessionRegistry(SessionRegistry sessionRegistry) {
this.sessionRegistry = sessionRegistry;
}
The http configuration looks like this:
<session-management invalid-session-url="/public/login.do?login_error=expired"
session-authentication-error-url="/public/login.do"
session-fixation-protection="newSession">
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
</session-management>
Generally I am more comfortable wiring the Spring bean myself, but not sure how this is exposed using the namespace. Each time the action executes, the session registry is null.
Can anyone point out what I am doing wrong here, or show me the way to an example?
Thanks in advance for any/all replies!
For adding a Spring Boot Security to your Spring Boot application, we need to add the Spring Boot Starter Security dependency in our build configuration file. Maven users can add the following dependency in the pom. xml file. Gradle users can add the following dependency in the build.
Once application up, open the http://localhost:8080/login URL in your browser. We will have the custom login page from spring security. Provide the valid credentials (which you used while registration), click on the “Sign In” button.
Spring Security Session Timeout In the case of Tomcat we can set the session timeout by configuring the maxInactiveInterval attribute on the manager element in server. xml or using the session-timeout element in web. xml. Note that the first option will affect every app that's deployed to the Tomcat instance.
If you are configuring Spring Security by namespace, the following attributes of concurrency-control tag can be useful for accessing SystemRegistry:
Description of each of attributes from official documentation:
session-registry-alias. It can also be useful to have a reference to the internal session registry for use in your own beans or an admin interface. You can expose the internal bean using the session-registry-alias attribute, giving it a name that you can use elsewhere in your configuration.
session-registry-ref. The user can supply their own SessionRegistry implementation using the session-registry-ref attribute. The other concurrent session control beans will be wired up to use it.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With