How do I get the Spring Security SessionRegistry?


Solution 1

Not sure if you have referred to the Session Management section in the Spring Security reference documentation. It has a snippet combining namespace and custom beans.

Solution 2

If you are configuring Spring Security by namespace, the following attributes of the concurrency-control tag can be useful for accessing SystemRegistry:

  1. session-registry-alias.
  2. session-registry-ref.

Description of each of the attributes from the official documentation:

session-registry-alias. It can also be useful to have a reference to the internal session registry for use in your own beans or an admin interface. You can expose the internal bean using the session-registry-alias attribute, giving it a name that you can use elsewhere in your configuration.

session-registry-ref. The user can supply their own SessionRegistry implementation using the session-registry-ref attribute. The other concurrent session control beans will be wired up to use it.
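The two attributes described above, applied to the session-management block from the question. This is an added example, not code from the answer or the Spring documentation; the bean id `sessionRegistry`, the action bean id and its class name are assumptions.

```xml
<!-- Added example. The security namespace is the default namespace, as in the
     question; "sessionRegistry", the action bean and its class are assumed names. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.xsd">

  <http>
    <!-- the application's intercept-url / form-login elements are unchanged and omitted -->
    <session-management invalid-session-url="/public/login.do?login_error=expired"
        session-authentication-error-url="/public/login.do"
        session-fixation-protection="newSession">
      <!-- Variant A: publish the registry the namespace creates internally
           under a bean name that other beans can reference -->
      <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"
          session-registry-alias="sessionRegistry"/>
    </session-management>
  </http>

  <!-- Variant B: replace the concurrency-control element above with the one below
       and define the registry yourself; the namespace wires its own beans to it.
  <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"
      session-registry-ref="sessionRegistry"/>
  <beans:bean id="sessionRegistry"
      class="org.springframework.security.core.session.SessionRegistryImpl"/>
  -->

  <!-- Either variant makes "sessionRegistry" injectable. Hypothetical action bean;
       setter injection matches setSessionRegistry(...) in the question. -->
  <beans:bean id="loggedInUsersAction" class="com.example.LoggedInUsersAction"
      scope="prototype">
    <beans:property name="sessionRegistry" ref="sessionRegistry"/>
  </beans:bean>

  <!-- web.xml keeps the HttpSessionEventPublisher listener from the question so
       the registry is told when sessions end. -->
</beans:beans>
```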

Author by

Griff

Updated on June 25, 2022

Comments

  • Griff
    Griff almost 2 years

    I can't seem to find how to get a reference to the Spring Security (V3) SessionRegistry inside of a Struts action.

    I've configured the listener inside of my web.xml file:

    <listener>
        <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    </listener>
    

    And I've tried to use the @Autowired annotation to bring it into an action:

    @Autowired
    private SessionRegistry sessionRegistry;
    
    @Override
    public String execute() throws Exception {
        numberOfUsersLoggedin = sessionRegistry.getAllPrincipals().size();
        return SUCCESS;
    }
    
    public SessionRegistry getSessionRegistry() {
        return sessionRegistry;
    }
    
    public void setSessionRegistry(SessionRegistry sessionRegistry) {
        this.sessionRegistry = sessionRegistry;
    }
    

    The http configuration looks like this:

        <session-management invalid-session-url="/public/login.do?login_error=expired"
            session-authentication-error-url="/public/login.do" 
            session-fixation-protection="newSession">
            <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
        </session-management>    
    

    Generally I am more comfortable wiring the Spring bean myself, but not sure how this is exposed using the namespace. Each time the action executes, the session registry is null.

    Can anyone point out what I am doing wrong here, or show me the way to an example?

    Thanks in advance for any/all replies!

  • Griff
    Griff over 13 years
    Thanks for the link. I added the sessionRegistry bean to my Spring configuration, and it's no longer null in the Struts action. However, when I try to get the # of logged in users (while logged in) the value of sessionRegistry.getAllPrincipals().size(); is always 0. Am I reading the docs right? It seems like if I am using a custom login form (which I am -- authenticating against LDAP) I cannot use the namespace/auto config session management I have specified above. It seems like I have to manually configure all the session-management and concurrency-control?
  • Griff
    Griff over 13 years
    Looking at the on-line docs, I can't seem to figure out what the name of my authentication provider is for the myAuthFilter. I am using the namespace <authentication-manager> which doesn't provide a bean id... <authentication-manager> <authentication-provider ref='ldapProvider' /> </authentication-manager>
  • ardatosun
    ardatosun about 5 years
    Kind of necro'ing the topic but getAllPrincipals().size() always returns zero for me. How did you manage to get it working? Did you have your own implementation class of SessionRegistry?