Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

spring security - is there an way to get session registry inside my application (without explicilty customizing the concurrentFilter)

Tags:

java

spring

session

spring-security

httpsession

I was referring to this thread, and in the second last post by Rob Winch (Spring Security Lead), he mentions that we can have access to the sessionRegisty :

<session-management>
  <concurrency-control session-registry-alias="sessionRegistry"/>
</session-management>

Therefore, I register the HttpSessionEventPublisher filter in web.xml and specify the above setting in my <http> section. I DON'T add this :

<beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />

and in my class, I inject an instance of sessionRegistry like this :

@Autowired
private SessionRegistry sessionRegistry

This is how I am trying to find out the sessions for a user:

List<SessionInformation> userSessions = sessionRegistry.getAllSessions(username,false);
        for (SessionInformation userSession : userSessions){
            userSession.expireNow();
        }

The principal is the username of the user. Upon debugging, the sessionRegistry variable's principals and sessionids variables are empty. Am I doing anything wrong here, or are the steps mentioned by krams's blog, the only way to do this ?

like image 594
Daud Avatar asked Aug 03 '12 07:08

Daud

People also ask

How does Spring Security concurrent session control work?

Concurrent Session Control When a user that is already authenticated tries to authenticate again, the application can deal with that event in one of a few ways. It can either invalidate the active session of the user and authenticate the user again with a new session, or allow both sessions to exist concurrently.

Which tag is used to manage session in Spring Security?

SessionManagementFilter in Spring Security web. session. SessionManagementFilter. In XML configuration it's represented by a tag called <session-management />.

How do I provide security to spring application?

For adding a Spring Boot Security to your Spring Boot application, we need to add the Spring Boot Starter Security dependency in our build configuration file. Maven users can add the following dependency in the pom. xml file. Gradle users can add the following dependency in the build.

1 Answers

Well you can autowire sessionRegistry. Nothing is wrong. I used it to track SessionInformation and registered sessions for UserPrincipal

like image 140
Nandkumar Tekale Avatar answered Sep 24 '22 16:09

Nandkumar Tekale
Sign in to Comment

Related questions

What are the consequences if we try to attach a Native Thread permanently to the DVM (JVM)?
JBoss 7: how to dynamically load jars
How to retrieve huge (>2000) amount of entities from GAE datastore in under 1 second?
Java, Runtime.exec or ProcessBuilder: how to know if the file is shell or binary?
Objects lifespan in Java vs .Net
Combine Java Swing and Java3D: performance problems with concurrency
Android: Call Python Script (via SL4A) from Java code
Embedded Jetty: Different ports for internally- and externally-visible endpoints?
How to automatically upgrade a Java application during its startup?
Tapestry : Start page use english locale instead of default locale
Hibernate 4 Multi-Tenancy and Spring 3 Hibernate
Are there any frameworks to synchronize data generated on one peer with all other peers in an unreliable network?
Can not read response from server
Make gson NOT put quotes around field names
GSON converts to LinkedHashMap instead of my object
Java: Polymorphic Return Type in an Abstract Method?
JavaCompiler with custom ClassLoader and FileManager
play! framework 2.0 crud module
Anyway to pass a constructor parameter to a JAXB Adapter?
How can I access Maven Artifact POM using Maven's Java API?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!