Voici mon SecureConfig
fichier, avec personnalisé SessionRepository et le filtre d'authentification de mot de passe de nom d'utilisateur personnalisé.Session de printemps pas obtenir la liste de tous les utilisateurs connectés dans l'application
@Bean(name = "sessionRegistry") public SessionRegistry sessionRegistry() { return new SessionRegistryImpl(); }
@Bean
public ServletListenerRegistrationBean<HttpSessionEventPublisher> httpSessionEventPublisher() {
return new ServletListenerRegistrationBean<HttpSessionEventPublisher>(new HttpSessionEventPublisher());
}
@Bean
@Order(1)
public ConcurrentSessionControlAuthenticationStrategy concurrentSessionControlAuthenticationStrategy(){
ConcurrentSessionControlAuthenticationStrategy cscas= new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry());
cscas.setMaximumSessions(-1);
cscas.setExceptionIfMaximumExceeded(true);
return cscas;
}
@Bean
@Order(2)
public SessionFixationProtectionStrategy sessionFixationProtectionStrategy(){
return new SessionFixationProtectionStrategy();
}
@Bean
@Order(3)
public RegisterSessionAuthenticationStrategy registerSessionAuthenticationStrategy(){
RegisterSessionAuthenticationStrategy registerSessionAuthenticationStrategy = new RegisterSessionAuthenticationStrategy(sessionRegistry());
return registerSessionAuthenticationStrategy;
}
@Bean
public CompositeSessionAuthenticationStrategy compositeSessionAuthenticationStrategy(){
List<SessionAuthenticationStrategy> sessionAuthenticationStrategies = new ArrayList<>();
sessionAuthenticationStrategies.add(concurrentSessionControlAuthenticationStrategy());
sessionAuthenticationStrategies.add(sessionFixationProtectionStrategy());
sessionAuthenticationStrategies.add(registerSessionAuthenticationStrategy());
CompositeSessionAuthenticationStrategy compositeSessionAuthenticationStrategy = new CompositeSessionAuthenticationStrategy(sessionAuthenticationStrategies);
return compositeSessionAuthenticationStrategy;
}
http.sessionManagement().sessionFixation().migrateSession().sessionAuthenticationStrategy(compositeSessionAuthenticationStrategy);
et ma classe de service:
@Autowired
@Resource(name="sessionRegistry")
private SessionRegistry sessionRegistry;
//getting all logged in users from method
public List<CurrentUser> listLogInCurrentUsers() {
List<Object> principals = sessionRegistry.getAllPrincipals();
LOGGER.info("prinipals: "+principals.get(0));
List<CurrentUser> usersList = new ArrayList<CurrentUser>();
for (Object principal : principals) {
if (principal instanceof org.springframework.security.core.userdetails.User) {
usersList.add(((CurrentUser) principal));
}
}
return usersList;
}
Et je reçois toujours collection vide, où je l'ai fait mal ... je presque passé avec les jours avec le problème.