Announcement Announcement Module
Collapse
No announcement yet.
Retrieve sessions with SessionRegistry Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Retrieve sessions with SessionRegistry

    Hello everyone,

    I've seen a post about concurency control with blazeds ans spring security.
    I'm currently working on a project which has the same configuration (Spring/flex) and almost the same security-config.xml.

    What I want to do is create a simple SessionService, injecting SessionRegistry, to retrieve users' sessions.
    I understood that to use a SessionRegistry, I must put it in the constructor of a ConcurrentSessionControlStrategy (I'm ok with that, I'm not against more control over my user session!).

    The thing is that my SessionRegistry.getAllPrincipals() return an empty list (I inject it in a "SessionService" with @Resource).
    The authentication is handled by blazeDS on a amf-login channel and act like a "black box" for me.

    I can also retrieve my current custom UserDetails through the SecurityContextHolder, but I want to retrieve All my users' session for monitoring purpose...

    I'm new to spring and flex so sorry for lacking knowledge...

    Here is my security-config file, if someone find the time to have a look at it, it would be great!

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xmlns:security="http://www.springframework.org/schema/security"
    	xmlns:p="http://www.springframework.org/schema/p"
    	xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd
    		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
              
    	<!--********************** 
    	Security Configuration 
    	************************-->
         <security:global-method-security secured-annotations="enabled" jsr250-annotations="enabled" pre-post-annotations="enabled"/>
    
         <security:authentication-manager alias="authenticationManager">
              <security:authentication-provider user-service-ref="authenticationUserService" >
                   <security:password-encoder hash="md5"/>
              </security:authentication-provider>
         </security:authentication-manager>
      
         <security:http auto-config="true" use-expressions="true" entry-point-ref="entryPoint">
              <security:session-management session-authentication-strategy-ref="sas"/>
                   <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
              </security:session-management>
         </security:http>
    
    
        <!--********************** 
    	Bean declaration 
    	************************-->
    
         <bean id="entryPoint" class="org.springframework.flex.security3.FlexAuthenticationEntryPoint"/>
    
         <bean id="authenticationUserService" class="my.package.AuthenticationManagerDaoImpl"> <!-- extends JdbcDaoImpl -->
              <property name="dataSource" ref="dataSource"/>
         </bean>
    
         <bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
              <constructor-arg name="sessionRegistry" ref="sessionRegistry" />
              <property name="maximumSessions" value="1" /> 
         </bean>
    
         <bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
    
    </beans>
    Any help or explanation about how to use SessionRegistry with a lookalike configuration would be greatly appreciated !
    Last edited by Cerrebos; Apr 28th, 2012, 06:57 AM.
Working...
X