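In order to change the permissions of authenticated users, I need to retrieve all of those users, so I used the SessionRegistry as shown in the following link.
But the sessionRegistry.getAllPrincipals() method returns an empty list.
My project configuration is as follows:
web.xml file: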
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">
    <display-name>loyfeey</display-name>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring-servlet.xml</param-value>
    </context-param>
    <!-- <context-param> <param-name>contextConfigLocation</param-name> <param-value>com.mkyong.web.config</param-value>
         </context-param> -->
    <listener>
        <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    </listener>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <servlet>
        <servlet-name>spring</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>throwExceptionIfNoHandlerFound</param-name>
            <param-value>true</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>spring</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <filter>
        <filter-name>encodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
            <param-name>forceEncoding</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>encodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <error-page>
        <location>/errors</location>
    </error-page>
    <session-config>
        <session-timeout>30</session-timeout>
        <cookie-config>
            <!-- if true then browser script won't be able to access the cookie -->
            <http-only>false</http-only>
            <!-- if true then the cookie will be sent only over HTTPS connection -->
            <secure>false</secure>
        </cookie-config>
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>
</web-app>
WebSecurityConfigurerAdapter:
@Configuration
@EnableWebSecurity
@Transactional
@Service
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CompteDetailsService compteDetailsService;

    @Autowired
    private IMatcherService matcherDetailsService;

    @Autowired
    private CustomLogoutSuccessHandler logoutSuccessHandler;

    // Registry of active sessions, exposed as a bean so other components can query it
    @Bean
    public SessionRegistry sessionRegistry() {
        return new SessionRegistryImpl();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(compteDetailsService).passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.authorizeRequests().antMatchers(/*some paths*/).permitAll();
        http.authorizeRequests().antMatchers("/**").access("hasRole('ROLE_ADMIN')");

        // Path/permission pairs loaded from the application's own matcher service
        List<Matcher> matchers = matcherDetailsService.getMatchersConfig();
        for (Matcher matcher : matchers) {
            http.authorizeRequests()//
                    .antMatchers("/" + matcher.getPath())//
                    .hasAnyAuthority(matcher.getPermission().toString());
        }
        http.authorizeRequests().anyRequest().denyAll();

        http.authorizeRequests().and().formLogin()
                .loginProcessingUrl("/login")
                .loginPage("/")
                .defaultSuccessUrl("/authentification/successful")
                .failureUrl("/?error=true")
                .usernameParameter("login")
                .passwordParameter("password");

        http.authorizeRequests().and().logout()
                .logoutUrl("/authentification/logout")
                .logoutSuccessUrl("/")
                .logoutSuccessHandler(logoutSuccessHandler);

        http.authorizeRequests().and().exceptionHandling().accessDeniedPage("/authentification/accessDenied");

        // Concurrent-session control backed by the SessionRegistry bean above
        SessionRegistry sr = sessionRegistry();
        http.sessionManagement().maximumSessions(1).sessionRegistry(sessionRegistry());
    }
}
I would appreciate it if someone could help me figure out what I am missing.
1 answer

bxfogqkk #1
Thanks to @M. for his answer, I split spring-servlet.xml into two files, spring-context.xml and spring-servlet.xml, as shown below:
web.xml file:
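
The web.xml in the question makes both the ContextLoaderListener and the DispatcherServlet named `spring` load /WEB-INF/spring-servlet.xml (the servlet's default location is /WEB-INF/<servlet-name>-servlet.xml), so every bean declared there exists once per context. The fragment below is an added example, not the answer author's file, of a web.xml that wires the two-file split the answer describes; which beans live in which file is an assumption, noted in the comments.

```xml
<!-- Added example (not from the original post): web.xml fragment for the two-file split. -->

<!-- Root context, created by ContextLoaderListener.
     Assumption: spring-context.xml holds the security configuration, the services
     and the single SessionRegistry bean. -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/spring-context.xml</param-value>
</context-param>

<!-- Forwards HttpSession lifecycle events into the Spring context so the
     SessionRegistry can drop sessions that have been destroyed. -->
<listener>
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<!-- Child context, created by the DispatcherServlet.
     Assumption: spring-servlet.xml holds only web-layer beans (controllers, view
     resolvers) and does not scan the package containing WebSecurityConfig, so no
     second SessionRegistry instance is created. -->
<servlet>
    <servlet-name>spring</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring-servlet.xml</param-value>
    </init-param>
    <init-param>
        <param-name>throwExceptionIfNoHandlerFound</param-name>
        <param-value>true</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>
```

Controllers in the child context can still inject the root context's SessionRegistry, because a child context resolves beans it does not define from its parent.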