Databases
StackOverflow2013
Postsdbo
POGetting logged in users with a SessionRegistry
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POGetting logged in users with a SessionRegistry
    text
    copied!<p>I have a web application that is secured totally by the Weblogic container. Now I have to list the currently logged in users. I have to use Spring Security 2.0.4 for that</p> <p>In web.xml I defined the necessary listener and filter:</p> <pre class="lang-xml prettyprint-override"><code> &lt;listener&gt; &lt;listener-class&gt; org.springframework.web.context.ContextLoaderListener &lt;/listener-class&gt; &lt;/listener&gt; &lt;listener&gt; &lt;listener-class&gt;org.springframework.security.ui.session.HttpSessionEventPublisher&lt;/listener-class&gt; &lt;/listener&gt; &lt;filter&gt; &lt;filter-name&gt;Spring Security Filter Chain Proxy&lt;/filter-name&gt; &lt;filter-class&gt;org.springframework.security.util.FilterToBeanProxy&lt;/filter-class&gt; &lt;init-param&gt; &lt;param-name&gt;targetClass&lt;/param-name&gt; &lt;param-value&gt;org.springframework.security.util.FilterChainProxy&lt;/param-value&gt; &lt;/init-param&gt; &lt;/filter&gt; &lt;filter-mapping&gt; &lt;filter-name&gt;Spring Security Filter Chain Proxy&lt;/filter-name&gt; &lt;url-pattern&gt;/*&lt;/url-pattern&gt; &lt;/filter-mapping&gt; </code></pre> <p>After that I defined the beans as I understood this:</p> <pre class="lang-xml prettyprint-override"><code>&lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN 2.0//EN" "http://www.springframework.org/dtd/spring-beans-2.0.dtd"&gt; &lt;beans&gt; &lt;bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy"&gt; &lt;property name="filterInvocationDefinitionSource"&gt; &lt;value&gt; CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /**=httpSessionIntegrationFilter,logoutFilter,exceptionTranslationFilter,concurrencyFilter &lt;/value&gt; &lt;/property&gt; &lt;/bean&gt; &lt;bean id="httpSessionIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter" /&gt; &lt;bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter"&gt; &lt;constructor-arg value="/logout.html" /&gt; &lt;!-- URL redirected to after logout --&gt; &lt;constructor-arg&gt; &lt;list&gt; &lt;bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" /&gt; &lt;/list&gt; &lt;/constructor-arg&gt; &lt;property name="filterProcessesUrl" value="/j_acegi_logout" /&gt; &lt;/bean&gt; &lt;bean name="concurrencyFilter" class="org.springframework.security.concurrent.ConcurrentSessionFilter"&gt; &lt;property name="sessionRegistry" ref="sessionRegistryBean"/&gt; &lt;property name="expiredUrl" value="/session-expired.htm"/&gt; &lt;/bean&gt; &lt;bean id="authenticationEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint"&gt; &lt;property name="loginFormUrl"&gt; &lt;value&gt;/&lt;/value&gt; &lt;/property&gt; &lt;/bean&gt; &lt;bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter"&gt; &lt;property name="authenticationEntryPoint" ref="authenticationEntryPoint" /&gt; &lt;/bean&gt; &lt;bean id="sessionRegistryBean" class="org.springframework.security.concurrent.SessionRegistryImpl"&gt; &lt;/bean&gt; &lt;/beans&gt; </code></pre> <p>Finally I wrote a simple JSP page that lists the users:</p> <pre><code> &lt;body&gt; &lt;% ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(request.getSession().getServletContext()); ActiveSessions as = new ActiveSessions(appContext); for(String u : as.getUsers()) { %&gt; &lt;ul&gt;&lt;li&gt;&lt;% out.println(u); %&gt;&lt;/li&gt;&lt;/ul&gt; &lt;% } %&gt; &lt;/body&gt; </code></pre> <p>And here is how my helper class tries to get the user list:</p> <pre><code>public List&lt;String&gt; getUsers() { SessionRegistry sr = (SessionRegistry) a.getBean("sessionRegistryBean"); Object[] principals = sr.getAllPrincipals(); List&lt;String&gt; result = new ArrayList&lt;String&gt;(); for(int i = 0; i &lt; principals.length; i++) { SessionInformation[] sis = sr.getAllSessions(principals[i], false); result.add(principals[i].toString()); logger.info("Adding entry: " + principals[i].toString() + ", sessions: " + sis.length); } return result; } </code></pre> <p>Unfortunately all this doesn't work and I don't really know how to debug this. What I do is start using the applicaton (after the container-managed BASIC auth) and invoke the jsp page. The list is always empty.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload