1.修改web.xml,需要在web.xml描述文件中配置中使得o.s.s.web.session.HttpSessionEventPublisher生效,這樣servelt容器將會通知Spring Security session生命周期的事件(通過HttpSessionEventPublisher)
<listener> <listener-class> org.springframework.web.context.ContextLoaderListener </listener-class> </listener> <listener> <listener-class> org.springframework.security.web.session.HttpSessionEventPublisher </listener-class> </listener>
2.修改spring-security.xml,借助於使用session注冊跟蹤(通過session並發控制),實現顯示系統中當前活躍用戶的數量。
<s:http use-expressions="true" disable-url-rewriting="true" auto-config="true"> <s:session-management invalid-session-url="/timeout"> <s:concurrency-control max-sessions="1" error-if-maximum-exceeded="false" session-registry-ref="sessionRegistry"/> </s:session-management> </s:http> <bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
3.登錄過濾器修改,登錄驗證通過后向sessionRegistry中添加在線session
sessionRegistry.registerNewSession(token, bean);
4.在controller中調用,獲取sessionRegistry中存儲的用戶信息
List<Object> objlist = sessionRegistry.getAllPrincipals();