Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

spring security - is there an way to get session registry inside my application (without explicilty customizing the concurrentFilter)

I was referring to this thread, and in the second last post by Rob Winch (Spring Security Lead), he mentions that we can have access to the sessionRegisty :

<session-management>
  <concurrency-control session-registry-alias="sessionRegistry"/>
</session-management>

Therefore, I register the HttpSessionEventPublisher filter in web.xml and specify the above setting in my <http> section. I DON'T add this :

<beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />

and in my class, I inject an instance of sessionRegistry like this :

@Autowired
private SessionRegistry sessionRegistry

This is how I am trying to find out the sessions for a user:

List<SessionInformation> userSessions = sessionRegistry.getAllSessions(username,false);
        for (SessionInformation userSession : userSessions){
            userSession.expireNow();
        }

The principal is the username of the user. Upon debugging, the sessionRegistry variable's principals and sessionids variables are empty. Am I doing anything wrong here, or are the steps mentioned by krams's blog, the only way to do this ?

like image 594
Daud Avatar asked Aug 03 '12 07:08

Daud


People also ask

How does Spring Security concurrent session control work?

Concurrent Session Control When a user that is already authenticated tries to authenticate again, the application can deal with that event in one of a few ways. It can either invalidate the active session of the user and authenticate the user again with a new session, or allow both sessions to exist concurrently.

Which tag is used to manage session in Spring Security?

SessionManagementFilter in Spring Security web. session. SessionManagementFilter. In XML configuration it's represented by a tag called <session-management />.

How do I provide security to spring application?

For adding a Spring Boot Security to your Spring Boot application, we need to add the Spring Boot Starter Security dependency in our build configuration file. Maven users can add the following dependency in the pom. xml file. Gradle users can add the following dependency in the build.


1 Answers

Well you can autowire sessionRegistry. Nothing is wrong. I used it to track SessionInformation and registered sessions for UserPrincipal

like image 140
Nandkumar Tekale Avatar answered Sep 24 '22 16:09

Nandkumar Tekale