springSecurity查看在线用户和下线用户

其中文章

package org.exam.security;
import org.exam.config.Constants;
import org.exam.domain.doc.SessionInfo;
import org.exam.repository.mongo.MongoSessionInfoRepo;
import org.springframework.context.ApplicationListener;
import org.springframework.data.mongodb.core.MongoTemplate;
import org.springframework.security.core.session.SessionDestroyedEvent;
import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.userdetails.UserDetails;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
public class SessionRegistryImpl implements SessionRegistry, ApplicationListener<SessionDestroyedEvent> {
    private final MongoSessionInfoRepo mongoSessionInfoRepo;
    private final MongoTemplate mongoTemplate;
    private static final String C_SESSION_INFO = Constants.TABLE_PREFIX + "session_info";
    public SessionRegistryImpl(MongoSessionInfoRepo mongoSessionInfoRepo, MongoTemplate mongoTemplate) {
        this.mongoSessionInfoRepo = mongoSessionInfoRepo;
        this.mongoTemplate = mongoTemplate;
    }
    private String getUid(Object principal) {
        return (principal instanceof UserDetails) ? ((UserDetails) principal).getUsername() : principal.toString();
    }
    @SuppressWarnings("unchecked")
    @Override
    public List getAllPrincipals() {
        return mongoTemplate.getCollection(C_SESSION_INFO).distinct("uid");
    }
    @Override
    public List getAllSessions(Object principal, boolean includeExpiredSessions) {
        String uid = getUid(principal);
        Iterable list = includeExpiredSessions ? mongoSessionInfoRepo.findByUid(uid) : mongoSessionInfoRepo.findByUidAndExpired(uid, false);
        List result = new ArrayList<>();
        for (SessionInfo info : list) {
            result.add(new SessionInformation(info.getUid(), info.getSid(), info.getLastRequest()));
        }
        return result;
    }
    @Override
    public SessionInformation getSessionInformation(String sessionId) {
        SessionInfo info = mongoSessionInfoRepo.findBySid(sessionId);
        if (info != null) {
            SessionInformation information = new SessionInformation(info.getUid(), info.getSid(), info.getLastRequest());
            if (info.isExpired()) {
                information.expireNow();
            }
            return information;
        } else {
            return null;
        }
    }
    @Override
    public void refreshLastRequest(String sessionId) {
        SessionInfo info = mongoSessionInfoRepo.findBySid(sessionId);
        info.setLastRequest(new Date());
        mongoSessionInfoRepo.save(info);
    }
    @Override
    public void registerNewSession(String sessionId, Object principal) {
        SessionInfo info = new SessionInfo();
        info.setSid(sessionId);
        info.setUid(getUid(principal));
        info.setLastRequest(new Date());
        info.setExpired(false);
        mongoSessionInfoRepo.save(info);
    }
    @Override
    public void removeSessionInformation(String sessionId) {
        mongoSessionInfoRepo.deleteBySid(sessionId);
    }
    @Override
    public void onApplicationEvent(SessionDestroyedEvent event) {
        removeSessionInformation(event.getId());
    }
} 
  
@Document(collection = Constants.TABLE_PREFIX + "session_info")
public class SessionInfo implements Serializable {
    //objectId
    private String id;
    //sessionId
    private String sid;
    //用户标识:比如登录只有用户名,那么用户名也可以作为用户标识
    private String uid;
    private Date lastRequest = new Date();
    private boolean expired = false;
    //setter,getter略
}
@NoRepositoryBean
public interface MongoBaseRepo<T extends Serializable> extends PagingAndSortingRepository<T, String>, QueryDslPredicateExecutor<T> {
}
public interface MongoSessionInfoRepo extends MongoBaseRepo<SessionInfo> {
    SessionInfo findBySid(String sid);
    List findByUid(String uid);
    List findByUidAndExpired(String uid, boolean expired);
    void deleteBySid(String sid);
}

2.要查看用户session列表,直接使用mongoSessionInfoRepo去查就可以.
3.下线用户(踢出用户).只需要将过期设置true就可以,用户下次请求就会被登出.

    @RequestMapping("logout")
    public String logout(String sid) {
        SessionInfo info = mongoSessionInfoRepo.findBySid(sid);
        info.setExpired(true);
        mongoSessionInfoRepo.save(info);
        return "session/list";
    }

你可能感兴趣的:(security)