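/**
 * Handles a principal that has reached its session limit by expiring the session
 * whose last request is the oldest.
 *
 * <p>When that session is a {@link SessionInformationObject} it is flagged with
 * {@code setKickAway(true)} before being expired.
 *
 * <p>NOTE(review): this override does not call the parent implementation and never
 * throws; if the parent rejects the login when a "deny on exceed" option is set,
 * that option has no effect here. Confirm this is intended.
 *
 * @param sessions          sessions currently registered for the principal
 * @param allowableSessions configured limit (not read by this implementation)
 * @param registry          session registry (not read by this implementation)
 * @throws SessionAuthenticationException declared by the overridden method; not thrown here
 */
@Override
protected void allowableSessionsExceeded(List<SessionInformation> sessions, int allowableSessions,
        SessionRegistry registry) throws SessionAuthenticationException {
    SessionInformation leastRecentlyUsed = null;
    for (SessionInformation session : sessions) {
        if ((leastRecentlyUsed == null)
                || session.getLastRequest().before(leastRecentlyUsed.getLastRequest())) {
            leastRecentlyUsed = session;
        }
    }
    if (leastRecentlyUsed == null) {
        // An empty list leaves nothing to expire; the original dereferenced null here.
        return;
    }
    if (leastRecentlyUsed instanceof SessionInformationObject) {
        // Flag the session before expiring it.
        ((SessionInformationObject) leastRecentlyUsed).setKickAway(true);
    }
    leastRecentlyUsed.expireNow();
}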
/**
 * Creates the security configuration from its four collaborators.
 *
 * @param userService        stored in {@code this.userService}
 * @param passwordEncoder    stored in {@code this.passwordEncoder}
 * @param rememberMeServices stored in {@code this.rememberMeServices}
 * @param sessionRegistry    stored in {@code this.sessionRegistry}
 */
public WebSecurityConfig(
        UserService userService,
        PasswordEncoder passwordEncoder,
        RememberMeServices rememberMeServices,
        SessionRegistry sessionRegistry) {
    // No validation happens here: null arguments are stored as given.
    this.sessionRegistry = sessionRegistry;
    this.rememberMeServices = rememberMeServices;
    this.passwordEncoder = passwordEncoder;
    this.userService = userService;
}
/**
 * Creates the controller with the session registry injected by the container.
 *
 * @param sessionRegistry registry to store; must not be {@code null}
 * @throws IllegalArgumentException if {@code sessionRegistry} is {@code null}
 */
@Autowired
public UserSessionController(SessionRegistry sessionRegistry) {
    // Reject a missing registry up front so later calls cannot fail on a null field.
    if (null == sessionRegistry) {
        throw new IllegalArgumentException("sessionRegistry cannot be null");
    }
    this.sessionRegistry = sessionRegistry;
}
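/**
 * Registers a {@link ConcurrentSessionControlAuthenticationStrategy} backed by the given registry.
 *
 * <p>The maximum is set to {@code -1}, which Spring Security treats as "unlimited":
 * with this value the strategy never rejects a login or expires a session because of
 * a per-principal limit. Use a positive value if concurrent sessions must be bounded.
 *
 * <p>Original author's note: sessionAuthenticationStrategy does not work in JavaConfig.
 *
 * @param sessionRegistry registry passed to the strategy's constructor
 * @return the configured strategy
 */
@Bean
public SessionAuthenticationStrategy sessionAuthenticationStrategy(SessionRegistry sessionRegistry) {
    // Plain construction plus a setter call replaces the double-brace initialiser, which
    // created an anonymous subclass holding a reference to the enclosing configuration object.
    ConcurrentSessionControlAuthenticationStrategy strategy =
            new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry);
    strategy.setMaximumSessions(-1);
    return strategy;
}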
/** * sessionAuthenticationStrategy does not work in JavaConfig * @param sessionRegistry * @return */ // @Bean public SessionAuthenticationStrategy sessionAuthenticationStrategy(SessionRegistry sessionRegistry){ return new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry){{ setMaximumSessions(-1); }}; }
/**
 * Creates the exception and, as a side effect, records in the current HTTP session why
 * the session is no longer usable.
 *
 * <p>If the session already carries a {@code SESSION_STATE} attribute, only the
 * {@code sessionKickAway} flag is derived from it. Otherwise the session registry is
 * consulted and the attribute is set to {@code KICKAWAY} or {@code EXPIRED}.
 * Nothing is recorded when there is no current request, no existing session, or no
 * registry entry for the session id.
 *
 * @param msg message passed to the superclass constructor
 */
public NoneLoginException(String msg) {
    super(msg);
    HttpServletRequest currentRequest = ContextHolder.getRequest();
    if (currentRequest == null) {
        return;
    }
    // getSession(false): never create a session just to annotate it.
    HttpSession httpSession = currentRequest.getSession(false);
    if (httpSession == null) {
        return;
    }
    String recordedState = (String) httpSession.getAttribute(SessionStateConstants.SESSION_STATE);
    if (recordedState != null) {
        // State was stored by an earlier failure; only mirror the kick-away flag.
        if (recordedState.equals(SessionStateConstants.KICKAWAY)) {
            this.sessionKickAway = true;
        }
        return;
    }
    SessionRegistry registry = ContextHolder.getBean("bdf2.sessionRegistry");
    SessionInformation info = registry.getSessionInformation(httpSession.getId());
    if (info == null) {
        return;
    }
    if (info instanceof SessionInformationObject) {
        // NOTE(review): for a SessionInformationObject that is not flagged kick-away,
        // isExpired() is never consulted, so EXPIRED is not recorded - confirm intended.
        SessionInformationObject tracked = (SessionInformationObject) info;
        if (tracked.isKickAway()) {
            httpSession.setAttribute(SessionStateConstants.SESSION_STATE, SessionStateConstants.KICKAWAY);
            this.sessionKickAway = true;
        }
        return;
    }
    if (info.isExpired()) {
        httpSession.setAttribute(SessionStateConstants.SESSION_STATE, SessionStateConstants.EXPIRED);
    }
}
/**
 * Adds every {@code User} principal known to the session registry to {@code sysInfo}
 * under the key {@code "users"}.
 *
 * @param sysInfo JSON object that receives one accumulated entry per {@code User} principal
 */
private void getAllUsers(JSONObject sysInfo) {
    SessionRegistry registry = (SessionRegistry) ApplicationContextAccessor.getBean("sessionRegistry");
    for (Object candidate : registry.getAllPrincipals()) {
        if (!(candidate instanceof User)) {
            continue; // principals of other types are skipped
        }
        // NOTE(review): the whole principal object is serialised. If User exposes a password
        // hash or other credential fields through getters, they end up in sysInfo - confirm,
        // and restrict the output to the fields that are actually needed.
        User loggedIn = (User) candidate;
        sysInfo.accumulate("users", JSONObject.fromObject(loggedIn));
    }
}
/**
 * Lazily resolves the {@link SessionRegistry} bean from the given context and caches it in
 * the {@code sessionRegistry} field, using double-checked locking on {@code this}.
 *
 * <p>NOTE(review): double-checked locking is only safe under the Java memory model when the
 * field is declared {@code volatile}; the declaration is outside this block - confirm.
 *
 * @param appContext context the registry bean is looked up in
 */
protected void ensureSessionRegistryInitialized(ApplicationContext appContext) {
    // Fast path: already resolved, no lock needed.
    if (sessionRegistry != null) {
        return;
    }
    synchronized (this) {
        // Re-check under the lock: another thread may have resolved it meanwhile.
        if (sessionRegistry == null) {
            sessionRegistry = appContext.getBean(SessionRegistry.class);
        }
    }
}
/**
 * Checks which session ids are visible in the Spring session registries of two nodes:
 * after login only the Hazelcast session id may be registered (on at least one node),
 * and after logout neither the native nor the Hazelcast id may remain on either node.
 */
@Test
public void test_issue_3049() throws Exception {
    Set<ApplicationContext> contexts = SpringApplicationContextProvider.getApplicationContextSet();
    Iterator<ApplicationContext> contextIterator = contexts.iterator();
    ApplicationContext nodeOneContext = contextIterator.next();
    ApplicationContext nodeTwoContext = contextIterator.next();
    SessionRegistry nodeOneRegistry = nodeOneContext.getBean(SessionRegistry.class);
    SessionRegistry nodeTwoRegistry = nodeTwoContext.getBean(SessionRegistry.class);

    SpringSecuritySession securitySession = login(null, false);
    request("hello", serverPort1, securitySession.cookieStore);

    String nativeId = securitySession.getSessionId();
    String hazelcastId = securitySession.getHazelcastSessionId();

    // After login: the container's own session id must not leak into either registry.
    assertTrue(
            "Native session must not exist in both Spring session registry of Node-1 and Node-2 after login",
            nodeOneRegistry.getSessionInformation(nativeId) == null
                    && nodeTwoRegistry.getSessionInformation(nativeId) == null);
    assertTrue(
            "Hazelcast session must exist locally in one of the Spring session registry of Node-1 and Node-2 after login",
            nodeOneRegistry.getSessionInformation(hazelcastId) != null
                    || nodeTwoRegistry.getSessionInformation(hazelcastId) != null);

    logout(securitySession);

    // After logout: no trace of either id may remain, otherwise stale entries would
    // keep counting as live sessions.
    assertTrue(
            "Native session must not exist in both Spring session registry of Node-1 and Node-2 after logout",
            nodeOneRegistry.getSessionInformation(nativeId) == null
                    && nodeTwoRegistry.getSessionInformation(nativeId) == null);
    assertTrue(
            "Hazelcast session must not exist in both Spring session registry of Node-1 and Node-2 after logout",
            nodeOneRegistry.getSessionInformation(hazelcastId) == null
                    && nodeTwoRegistry.getSessionInformation(hazelcastId) == null);
}
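/**
 * This method has been copied from ConcurrentSessionControlStrategy and modified to
 * better ensure that more than the allowed number of sessions are never valid
 * at the same time.
 *
 * <p>Instead of expiring a single session, it sorts the principal's sessions with the
 * class's {@code comparator} and expires as many leading entries as are needed to make
 * room for the session being authenticated.
 *
 * @param sessions          existing sessions of the principal; sorted in place
 * @param allowableSessions configured session limit
 * @param registry          session registry (not read by this implementation)
 * @throws SessionAuthenticationException if {@code exceptionIfMaximumExceeded} is set or
 *         {@code sessions} is {@code null}
 * @see ConcurrentSessionControlStrategy#allowableSessionsExceeded
 */
protected void allowableSessionsExceeded(List<SessionInformation> sessions, int allowableSessions,
        SessionRegistry registry) throws SessionAuthenticationException {
    if (exceptionIfMaximumExceeded || (sessions == null)) {
        throw new SessionAuthenticationException(messages.getMessage(
                "ConcurrentSessionControlStrategy.exceededAllowed",
                // Integer.valueOf replaces the deprecated boxing constructor.
                new Object[] {Integer.valueOf(allowableSessions)},
                "Maximum sessions of {0} for this principal exceeded"));
    }

    //BEGIN CUSTOMIZATIONS
    log.debug("allowableSessionExceeded. allowed: " + allowableSessions + " Current: " + sessions.size());

    // Sort the sessions by recency, increasing (per the original author; the comparator
    // itself is defined outside this block).
    Collections.sort(sessions, comparator);

    // Note - sessions does not include the new session being authenticated, hence the +1.
    // Clamp to the list size: with a limit below 1 the unclamped count exceeded the list
    // and the loop failed with IndexOutOfBoundsException after expiring every session.
    int sessionsToExpire = Math.min(sessions.size() - allowableSessions + 1, sessions.size());

    // Expire the first sessionsToExpire sessions of the sorted list.
    for (int i = 0; i < sessionsToExpire; i++) {
        sessions.get(i).expireNow();
    }
}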
/**
 * Creates the controller from its two collaborators.
 *
 * @param profileService  stored in {@code this.profileService}
 * @param sessionRegistry stored in {@code this.sessionRegistry}
 */
public ProfileRestController(
        ProfileService profileService,
        SessionRegistry sessionRegistry) {
    // Arguments are stored as given; no null check is performed here.
    this.sessionRegistry = sessionRegistry;
    this.profileService = profileService;
}
/**
 * Exposes a new {@link SessionRegistryImpl} as the {@link SessionRegistry} bean.
 *
 * <p>NOTE(review): {@code SessionRegistryImpl} keeps its entries in the local JVM and drops a
 * session only when it receives the session-destroyed event. Confirm that
 * {@code HttpSessionEventPublisher} is registered; otherwise timed-out sessions stay
 * registered and keep counting against any concurrent-session limit.
 *
 * @return a new in-memory session registry
 */
@Bean
public SessionRegistry sessionRegistry() {
    final SessionRegistry registry = new SessionRegistryImpl();
    return registry;
}
/**
 * Provides a new {@link SessionRegistryImpl} as the {@link SessionRegistry} bean.
 *
 * <p>NOTE(review): the registry is held in this JVM's memory only, so in a multi-node
 * deployment each node sees just its own sessions - confirm that any per-user session
 * limit is meant to be enforced per node.
 *
 * @return a new in-memory session registry
 */
@Bean
protected SessionRegistry sessionRegistry() {
    final SessionRegistry inMemoryRegistry = new SessionRegistryImpl();
    return inMemoryRegistry;
}
/**
 * Creates the controller around the given session registry.
 *
 * @param sessionRegistry registry to store; must not be {@code null}
 * @throws IllegalArgumentException if {@code sessionRegistry} is {@code null}
 */
public UserSessionController(SessionRegistry sessionRegistry) {
    // Fail fast: a null registry would otherwise surface later as a NullPointerException.
    if (null == sessionRegistry) {
        throw new IllegalArgumentException("sessionRegistry cannot be null");
    }
    this.sessionRegistry = sessionRegistry;
}
/**
 * Declares the {@link SessionRegistry} bean as a new {@link SessionRegistryImpl}.
 *
 * <p>NOTE(review): entries are removed from {@code SessionRegistryImpl} when it is told a
 * session was destroyed; verify that {@code HttpSessionEventPublisher} is configured so
 * expired container sessions do not linger in the registry.
 *
 * @return a new in-memory session registry
 */
@Bean
public SessionRegistry sessionRegistry() {
    final SessionRegistry created = new SessionRegistryImpl();
    return created;
}
/**
 * Declares the {@link SessionRegistry} bean as a new {@link SessionRegistryImpl}.
 *
 * <p>NOTE(review): the registry lives in local memory only; confirm that session-destroyed
 * events reach it (for example via {@code HttpSessionEventPublisher}) so stale entries are
 * removed.
 *
 * @return a new in-memory session registry
 */
@Bean
public SessionRegistry getSessionRegistry() {
    return new SessionRegistryImpl();
}
/**
 * Custom {@link UserDetailsService} that reads user information from the database.
 *
 * <p>The returned service refuses to load a user whose name matches a principal already
 * present in the session registry, and otherwise returns the user with an empty
 * authority list (permission loading is commented out).
 *
 * @return the user-details service bean
 */
@Bean
public UserDetailsService customUserDetailsService() {
    return new UserDetailsService() {
        @Autowired
        private UserService userService;

        @Autowired
        private SessionRegistry sessionRegistry;

        @Override
        public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
            // The entity User maps to the user table in the database, which is where the
            // user name and password are ultimately stored; it can be customised.
            org.gra4j.dataMigration.crud.entity.User account = userService.findUserByName(userName);
            if (account == null) {
                throw new UsernameNotFoundException("UserName " + userName + " not found");
            }

            // If the user is already logged in, this login attempt fails.
            // NOTE(review): this method receives only the user name, so the check runs
            // before any password verification; the "already online" outcome is produced
            // for whoever submits the name - confirm that is acceptable.
            // NOTE(review): principals are matched against the entity User type, while this
            // method returns the unqualified User; if those are different classes the
            // registry may never hold an entity User and this check never matches - confirm.
            List<Object> onlinePrincipals = sessionRegistry.getAllPrincipals();
            for (Object principal : onlinePrincipals) {
                if (!(principal instanceof org.gra4j.dataMigration.crud.entity.User)) {
                    continue;
                }
                org.gra4j.dataMigration.crud.entity.User online =
                        (org.gra4j.dataMigration.crud.entity.User) principal;
                if (account.getUserName().equals(online.getUserName())) {
                    throw new SessionAuthenticationException("当前用户已经在线,登录失败!!!");
                }
            }

            // Permission loading is disabled, so every user is returned with no authorities.
            //List<Permission> permissions = permissionDao.findByAdminUserId(user.getId());
            List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
            /*for (Permission permission : permissions) {
                if (permission != null && permission.getName()!=null) {
                    GrantedAuthority grantedAuthority = new SimpleGrantedAuthority(permission.getName());
                    // 1: the permission is added to a GrantedAuthority object here; that object
                    // is used later when the full permission check is performed.
                    grantedAuthorities.add(grantedAuthority);
                }
            }*/
            return new User(account.getUserName(), account.getPassword(), grantedAuthorities);
        }
    };
}
/**
 * Creates the strategy and hands the registry to the superclass constructor.
 *
 * @param sessionRegistry registry passed unchanged to {@code super}
 */
public ConcurrentSessionControlStrategyImpl(SessionRegistry sessionRegistry) {
    // All initialisation is delegated to the parent; nothing is stored here.
    super(sessionRegistry);
}
/**
 * Creates the filter, passing the registry and expired-session URL to the superclass and
 * keeping the kick-away URL in this class.
 *
 * @param sessionRegistry    registry passed to {@code super}
 * @param expiredUrl         URL passed to {@code super}
 * @param sessionKickAwayUrl stored in {@code this.sessionKickAwayUrl}; presumably the
 *                           redirect target for kicked-away sessions - confirm at the use site
 */
public ConcurrentSessionControlFilter(
        SessionRegistry sessionRegistry,
        String expiredUrl,
        String sessionKickAwayUrl) {
    super(sessionRegistry, expiredUrl);
    // Stored as given; no validation of the URL happens in this constructor.
    this.sessionKickAwayUrl = sessionKickAwayUrl;
}
/**
 * Declares the {@link SessionRegistry} bean as a new {@link SessionRegistryImpl}.
 *
 * <p>NOTE(review): the registry is in-memory and relies on session-destroyed events to
 * forget sessions; confirm {@code HttpSessionEventPublisher} is registered so stale
 * entries do not accumulate.
 *
 * @return a new in-memory session registry
 */
@Bean
protected SessionRegistry sessionRegistryImpl() {
    final SessionRegistry registry = new SessionRegistryImpl();
    return registry;
}
/**
 * Used by Spring Security to get events from Hazelcast.
 *
 * <p>NOTE(review): the Hazelcast wiring is not visible in this method; it only creates a
 * local {@link SessionRegistryImpl}. Confirm that session-destroyed events from the
 * clustered session store actually reach this registry.
 *
 * @return a new in-memory session registry
 */
@Bean
public SessionRegistry sessionRegistry() {
    final SessionRegistry registry = new SessionRegistryImpl();
    return registry;
}
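/**
 * Handles a principal that has reached its session limit, taking the client IP into account.
 *
 * <p>For a login from the same IP nothing is expired and nothing is thrown (the original
 * left this branch as a TODO). For a login from a new IP the login is rejected when
 * {@code exceptionIfMaximumExceeded} is set or {@code sessions} is {@code null}; otherwise
 * the least recently used session is expired, and when the list is larger than the limit,
 * every session of the same principal and IP as that session is expired too.
 *
 * <p>NOTE(review): because the same-IP branch is a no-op, logins sharing an IP (for example
 * behind one NAT or proxy) are not limited by this method - confirm this is intended.
 *
 * @param sessions          existing sessions of the principal
 * @param allowableSessions configured session limit
 * @param sameIp            whether the new login comes from the same IP
 * @param registry          session registry (not read by this implementation)
 * @throws SessionAuthenticationException for a new-IP login when
 *         {@code exceptionIfMaximumExceeded} is set or {@code sessions} is {@code null}
 */
protected void allowableSessionsExceeded(java.util.List<SessionInformation> sessions, int allowableSessions,
        boolean sameIp, SessionRegistry registry) throws SessionAuthenticationException {
    if (sameIp) {
        // TODO (kept from the original): same-IP handling is not implemented.
        // Returning early also avoids the NullPointerException the original raised
        // when sessions was null on this path.
        return;
    }

    // New IP: deny the login if exceptionIfMaximumExceeded is set.
    if (exceptionIfMaximumExceeded || (sessions == null)) {
        throw new SessionAuthenticationException(messages.getMessage(
                "ConcurrentSessionControllerImpl.exceededAllowed",
                new Object[] { Integer.valueOf(allowableSessions) },
                "Maximum sessions of {0} for this principal exceeded"));
    }

    // Determine the least recently used session, and mark it for invalidation.
    SessionInformation leastRecentlyUsed = null;
    for (SessionInformation candidate : sessions) {
        if ((leastRecentlyUsed == null)
                || candidate.getLastRequest().before(leastRecentlyUsed.getLastRequest())) {
            leastRecentlyUsed = candidate;
        }
    }
    if (leastRecentlyUsed == null) {
        // Empty list: nothing to expire (the original dereferenced null here).
        return;
    }

    if (sessions.size() > allowableSessions) {
        Object lruPrincipal = leastRecentlyUsed.getPrincipal();
        // Guard the casts: a principal of another type previously caused a ClassCastException.
        if (lruPrincipal instanceof BasicPrincipal) {
            BasicPrincipal basicPrincipal = (BasicPrincipal) lruPrincipal;
            for (SessionInformation candidate : sessions) {
                Object principal = candidate.getPrincipal();
                if (principal.equals(lruPrincipal)
                        && principal instanceof BasicPrincipal
                        && basicPrincipal.equalsIp((BasicPrincipal) principal)) {
                    candidate.expireNow();
                }
            }
        }
    }
    leastRecentlyUsed.expireNow();
}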
/**
 * Creates the strategy, passes the registry to the superclass and looks up the cache
 * named {@code CACHE_NAME} from the shared cache manager.
 *
 * @param sessionRegistry registry passed unchanged to {@code super}
 */
public OzoneConcurrentSessionControlStrategy(SessionRegistry sessionRegistry) {
    super(sessionRegistry);
    // NOTE(review): no null check on the lookup result; if the cache is not configured,
    // allowedSessionsCache may be null - confirm how getCache behaves for unknown names.
    allowedSessionsCache =
            CacheManagerFactory.getCacheManager().getCache(CACHE_NAME);
}
/**
 * Overrides the inherited factory method to expose a new {@link SessionRegistryImpl} as the
 * {@link SessionRegistry} bean.
 *
 * <p>NOTE(review): the registry is in-memory; confirm that session-destroyed events are
 * published to it (for example via {@code HttpSessionEventPublisher}) so ended sessions
 * are removed.
 *
 * @return a new in-memory session registry
 */
@Override
@Bean
public SessionRegistry sessionRegistry() {
    final SessionRegistry registry = new SessionRegistryImpl();
    return registry;
}
/**
 * Used by Spring Security to get events from Hazelcast.
 *
 * <p>NOTE(review): only a local {@link SessionRegistryImpl} is created here; how Hazelcast
 * session events are delivered to it is not visible in this method - confirm.
 *
 * @return the session registry
 */
@Bean
public SessionRegistry sessionRegistry() {
    final SessionRegistry registry = new SessionRegistryImpl();
    return registry;
}
/**
 * Declares the session registry bean as a new {@link SessionRegistryImpl}.
 *
 * <p>NOTE(review): the registry is held in local memory and forgets a session only when
 * told it was destroyed; confirm {@code HttpSessionEventPublisher} is registered.
 *
 * @return the session registry
 */
@Bean
public SessionRegistry sessionRegistry() {
    final SessionRegistry registry = new SessionRegistryImpl();
    return registry;
}
/**
 * Instantiates a new basic concurrent session control strategy.
 *
 * <p>Besides storing the registry, the constructor switches on the superclass's
 * "always create session" option.
 *
 * @param sessionRegistry
 *            the session registry; must not be {@code null}
 */
public BasicConcurrentSessionControlStrategy(SessionRegistry sessionRegistry) {
    // Validate before touching any state.
    Assert.notNull(sessionRegistry, "The sessionRegistry cannot be null");
    this.sessionRegistry = sessionRegistry;
    // NOTE(review): presumably makes the parent create an HTTP session on every successful
    // authentication; the parent class is outside this block - confirm.
    super.setAlwaysCreateSession(true);
}