XML是照着文档编写的,启动也没报错
<custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<!-- 增加一个自定义的filter,放在FILTER_SECURITY_INTERCEPTOR之前,
实现用户、角色、权限、资源的数据库管理。 -->
<custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
<session-management invalid-session-url="/jsp/common/sessionTimeout.jsp" session-authentication-strategy-ref="sas"/>
<beans:bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
<beans:property name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="expiredUrl" value="/jsp/common/session-expired.jsp" />
<beans:property name="logoutHandlers">
<beans:list>
<beans:ref local="logoutHandler"/>
</beans:list>
</beans:property>
</beans:bean>
<!-- 注销监听器 -->
<beans:bean id="logoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">
<beans:property name="InvalidateHttpSession" value="true" />
</beans:bean>
<beans:bean id="sas"
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="maximumSessions" value="1" />
</beans:bean>
<beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/>
然后写了一个controller,方法如下
@Autowired PermissionService permissionService;
@Autowired
@Qualifier("sessionRegistry")
SessionRegistry sessionRegistry;
//@Resource(name="sessionRegistry")
///private SessionRegistryImpl sessionRegistry;
/**
* 强制让用户下线
* @throws Exception
*/
@RequestMapping("/shotOff")
@ResponseBody
public Map<String, Object> shotOff(String username) throws Exception{
Map<String, Object> map = new HashMap<String, Object>();
SysUsersCustom sysUsersCustom = new SysUsersCustom();
sysUsersCustom.setUserAccount(username);
SysUsersCustom users = permissionService.selectLoginerInfoByUserAccount(sysUsersCustom, username);
//用户列表
List<Object> userList=sessionRegistry.getAllPrincipals();
for(int i=0; i<userList.size(); i++){
User userTemp=(User) userList.get(i);
if(userTemp.getUsername().equals(username))
{
List<SessionInformation> sessionInformationList = sessionRegistry.getAllSessions(userTemp, false);
if (sessionInformationList!=null) {
for (SessionInformation sis : sessionInformationList) {
sis.expireNow();
sessionRegistry.removeSessionInformation(sis.getSessionId());
String remark=userTemp.getUsername()+"被管理员"+Common.findAuthenticatedUsername()+"踢出";
//loginLogService.logoutLog(userTemp, sessionId, remark); //记录注销日志和减少在线用户1个
//logger.info(userTemp.getId()+" "+userTemp.getName()+"用户会话销毁," + remark);
System.out.print(remark);
}
map.put("status", "y");
map.put("info", "强制下线成功!");
}else{
map.put("status", "n");
map.put("info", "用户会话信息不存在!");
}
}else{
map.put("status", "n");
map.put("info", "记录表中不存在当前用户!");
}
}
return map;
}
但sessionRegistry.getAllPrincipals()一直获取不到在线用户数,不知道问题出在哪里