
  • Get list of logged in users Spring+GWT. Please Help


    Hi, all!

    I am new to Spring Security, but I am trying step by step to learn how to use it properly in my app. I succeeded, at least I think so, in configuring applicationContext.xml and web.xml, but a couple of days ago I realized that I need somehow to get the list of all currently logged in users. I've read almost all threads related to this topic, and as I understood it the only way is to use SessionRegistry and its method getAllPrincipals(). The following code is my Spring Security configuration, web.xml and the way I try to get the logged in users:

    applicationContext.xml

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
    	xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx"
    	xmlns:security="http://www.springframework.org/schema/security"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans
    	 http://www.springframework.org/schema/beans/spring-beans.xsd
    	 http://www.springframework.org/schema/tx 
    	 http://www.springframework.org/schema/tx/spring-tx.xsd
         http://www.springframework.org/schema/aop
         http://www.springframework.org/schema/aop/spring-aop.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
    
    	<aop:aspectj-autoproxy/>
    
    	<bean id="securedDummy" class="com.google.gwt.spring.server.security.SecuredDummy" />
    
    	<security:http entry-point-ref="http403ForbiddenEntryPoint" create-session="always">
    		<security:session-management session-authentication-strategy-ref="sas" />
    	</security:http>
    
        <bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
            <constructor-arg ref="sessionRegistry"/>
            <property name="maximumSessions" value="1"/>
        </bean>
         
    	<bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/> 
    
    	<bean id="http403ForbiddenEntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />
    
        <security:global-method-security proxy-target-class="true" secured-annotations="enabled" pre-post-annotations="enabled" />
    
    
    	<bean id="manualAuthenticationProcessor" class="com.google.gwt.spring.server.security.ManualAuthenticationProcessor" autowire="byType">
    		<property name="authenticationManager" ref="authManager"/>
    		<property name="sessionReg" ref="sessionRegistry"/>
    	</bean>
       
    	<security:authentication-manager alias="authManager">
    		<security:authentication-provider user-service-ref="userDao">
    			<security:password-encoder ref="passwordEncoder">
    				<security:salt-source ref="saltSource" />
    			</security:password-encoder>
    		</security:authentication-provider>
    	</security:authentication-manager>
    
    	
    	<bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"/>
    	<bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource" p:userPropertyToUse="email"/>
    </beans>

    web.xml

    Code:
    	<context-param>
    		<param-name>contextConfigLocation</param-name>
    		<param-value>classpath:applicationContext.xml</param-value>
    	</context-param>
      
      	<session-config>
      		<session-timeout>30</session-timeout> 
      	</session-config>
    
     	<listener>
      		<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class> 
      	</listener>
      
      
    	<listener>
    		<listener-class>
    			org.springframework.web.context.ContextLoaderListener
    		</listener-class>
    	</listener>
    	
    	
    	<filter>
    		<filter-name>springSecurityFilterChain</filter-name>
    		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    	</filter>
    
    	<filter-mapping>
    		<filter-name>springSecurityFilterChain</filter-name>
    		<url-pattern>/*</url-pattern>
    	</filter-mapping>
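
    ManualAuthenticationProcessor

    Code:
    import java.util.List;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.beans.factory.annotation.Required;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.context.SecurityContextHolder;
    import org.springframework.security.core.session.SessionRegistryImpl;
    import org.springframework.stereotype.Controller;

    @Controller
    public class ManualAuthenticationProcessor {

        @Autowired
        private AuthenticationManager authenticationManager;

        @Autowired
        private SessionRegistryImpl sessionReg;

        @Required
        public void setSessionReg(SessionRegistryImpl sessionReg) {
            this.sessionReg = sessionReg;
        }

        @Required
        public void setAuthenticationManager(AuthenticationManager authenticationManager) {
            this.authenticationManager = authenticationManager;
        }

        public void performLogin(User user) {
            // Builds an already-authenticated token and puts it straight into the context.
            Authentication authResult = new UsernamePasswordAuthenticationToken(user, user.getNickName(), user.getAuthorities());
            SecurityContextHolder.getContext().setAuthentication(authResult);

            // Comes back empty at this point.
            List<Object> list = sessionReg.getAllPrincipals();
        }
    }

    I get an absolutely empty list as the result, and that is just after the user was set into the ContextHolder... I know this question has been asked frequently, but please help me deal with this issue.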

    Thanks in advance!

  • #2
    Setting something on the context isn't setting something on the SessionRegistry. You will have to pass through the filters of Spring Security for that... Also, why on earth are you writing your own, and why are you setting something yourself?! That should be handled by Spring Security...

    Comment
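
The point made in #2, as an added example that is not part of the original thread: `SessionRegistryImpl` only learns about a login when the session authentication strategy runs, which the filter chain normally does after a successful authentication. The class name `SessionAwareLogin` and the method signature are hypothetical; the three collaborators are assumed to be the `authManager`, `sas` and `sessionRegistry` beans from the poster's configuration, and the example authenticates through `authManager` rather than building an authenticated token by hand.

```java
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

// Hypothetical class; wire in the "authManager", "sas" and "sessionRegistry"
// beans defined in the applicationContext.xml shown in the first post.
public class SessionAwareLogin {

    private final AuthenticationManager authManager;
    private final SessionAuthenticationStrategy sas;
    private final SessionRegistry sessionRegistry;

    public SessionAwareLogin(AuthenticationManager authManager,
            SessionAuthenticationStrategy sas, SessionRegistry sessionRegistry) {
        this.authManager = authManager;
        this.sas = sas;
        this.sessionRegistry = sessionRegistry;
    }

    public List<Object> performLogin(String username, String password,
            HttpServletRequest request, HttpServletResponse response) {
        // Let the configured provider verify the credentials; throws
        // AuthenticationException if they are wrong.
        Authentication auth = authManager.authenticate(
                new UsernamePasswordAuthenticationToken(username, password));

        // The step a manual login skips. ConcurrentSessionControlStrategy
        // enforces maximumSessions and then registers the HTTP session id
        // against the principal in the SessionRegistry. It throws
        // SessionAuthenticationException when the session limit is exceeded.
        sas.onAuthentication(auth, request, response);

        SecurityContextHolder.getContext().setAuthentication(auth);

        // The registry now contains this principal.
        return sessionRegistry.getAllPrincipals();
    }
}
```

`SessionRegistryImpl` keys its maps on the principal object, so a custom user class needs consistent `equals()` and `hashCode()` for `getAllPrincipals()` and `maximumSessions` to behave as expected.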


    • #3
      Marten, thank you for your help!

      But I think I didn't understand your thought... What exactly am I doing wrong that causes the list of all principals to be empty? How do I configure the filters to make everything work?

      I am setting the user in the context myself in this function, because it is responsible for autoLogin...

      Thanks in advance!

      Comment


      • #4
        Also, I reconfigured applicationContext this way:

        Code:
        <security:http auto-config="false" entry-point-ref="http403ForbiddenEntryPoint" create-session="always">
            <security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter"/>
            <security:session-management session-authentication-strategy-ref="sas" />
        </security:http>

        <bean id="http403ForbiddenEntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />

        <bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
            <property name="sessionRegistry" ref="sessionRegistry"/>
        </bean>

        <bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
            <constructor-arg ref="sessionRegistry"/>
            <property name="maximumSessions" value="1"/>
        </bean>

        <bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/>

        But actually it didn't help...

        Comment


        • #5
          Hi peterT,

          I am trying to implement the same kind of functionality. Were you able to solve this? If so, can you please post your configuration?

          Thanks,
          Amila

          Comment


          • #6
            Why are you doing this?

            Isn't the principal you retrieved from the SecurityContext already authenticated? And now you're removing the currently authenticated user and replacing that with a new authenticated user?

            Code:
            public void performLogin(User user) {
                Authentication authResult = new UsernamePasswordAuthenticationToken(user, user.getNickName(), user.getAuthorities());
                SecurityContextHolder.getContext().setAuthentication(authResult);

                List<Object> list = sessionReg.getAllPrincipals();
            }

            Back to the title of this thread, if you need to access all principals, check this guide I wrote at http://krams915.blogspot.com/2010/12...-querying.html

            Comment
