0

我正在使用 Spring Security 3.0.5 并尝试获取当前登录用户的计数。我的场景是预认证并使用基于 bean 的配置,而不是<http>基于命名空间的配置(在这种情况下,这似乎是微不足道的。

我的配置文件如下:

    <beans:bean id="springSecurityFilterChain"
    class="org.springframework.security.web.FilterChainProxy">
    <filter-chain-map path-type="ant">
        <filter-chain pattern="/**/resources/**" filters="none" />
        <filter-chain pattern="/**/logout/**" filters="none" />
        <filter-chain pattern="/service/**" filters="none" />
        <filter-chain pattern="/**"
            filters="sif,concurrencyFilter,shibbolethFilter,smf,logoutFilter,etf,fsi" />

    </filter-chain-map>
</beans:bean>

<beans:bean id="sif"
    class="org.springframework.security.web.context.SecurityContextPersistenceFilter" />

<beans:bean id="scr"
    class="org.springframework.security.web.context.HttpSessionSecurityContextRepository" />

<beans:bean id="smf"
    class="org.springframework.security.web.session.SessionManagementFilter">
    <beans:constructor-arg name="securityContextRepository"
        ref="scr" />
    <beans:property name="sessionAuthenticationStrategy"
        ref="sas" />
</beans:bean>

<beans:bean id="shibbolethFilter"
    class="PreAuthenticatedShibbolethAuthenticationFilter">
    <beans:property name="authenticationManager" ref="authenticationManager" />
    <beans:property name="exceptionIfHeaderMissing" value="true" />
    <beans:property name="continueFilterChainOnUnsuccessfulAuthentication"
        value="true" />
    <beans:property name="developmentMode" value="true" />
    <beans:property name="authenticationSuccessHandler"
        ref="customAuthenticationSuccessHandlerBean" />
</beans:bean>

<beans:bean id="sas"
    class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
    <beans:constructor-arg name="sessionRegistry"
        ref="sessionRegistry" />
    <beans:property name="maximumSessions" value="1" />
</beans:bean>

<beans:bean id="sessionRegistry"
    class="org.springframework.security.core.session.SessionRegistryImpl" />

<beans:bean id="concurrencyFilter"
    class="org.springframework.security.web.session.ConcurrentSessionFilter">
    <beans:property name="sessionRegistry" ref="sessionRegistry" />
    <beans:property name="expiredUrl" value="/session-expired.html" />
</beans:bean>

<authentication-manager alias="authenticationManager">
    <authentication-provider ref='preauthAuthProvider' />
</authentication-manager>

<beans:bean id="preauthAuthProvider"
    class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
    <beans:property name="preAuthenticatedUserDetailsService">
        <beans:bean id="userDetailsServiceWrapper"
            class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
            <beans:property name="userDetailsService" ref="userDetailsService" />
        </beans:bean>
    </beans:property>
</beans:bean>

<beans:bean id="logoutHandlerBean"
    class="LogoutSuccessHandlerImpl" />

<beans:bean id="userDetailsService"
    class="CustomJdbcDaoImpl">
    <beans:property name="dataSource" ref="projectDS" />
    <beans:property name="enableGroups" value="true" />
    <beans:property name="enableAuthorities" value="false" />
</beans:bean>

在我的控制器中,我有以下代码:

@Resource(name="sessionRegistry") 私有 SessionRegistry sessionReg;

private void doTest() {
    List<Object> principals = sessionReg.getAllPrincipals();
    for (Object o : principals) {
        List<SessionInformation> siList = sessionReg.getAllSessions(o,
                true);
        for (SessionInformation si : siList) {
            logger.error(si.getSessionId() + " " + si.getPrincipal());
        }
    }
}

该列表principals始​​终为空。我觉得应该得到一个to的PreAuthenticatedShibbolethAuthenticationFilter过滤器,但是,没有可以设置的这样的属性。extends AbstractPreAuthenticatedProcessingFilterrefConcurrentSessionControlStrategy

我错过了什么?

4

1 回答 1

0

SecurityContextPersistenceFilter 需要一个 SecurityContextRespository

<bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter" >
<property name="securityContextRepository" ref="scr" />
</bean>
于 2013-02-01T09:58:50.787 回答