Commits

Liang Yong Rui  committed bab4135

增加获取所有在线用户的功能

  • Participants
  • Parent commits 98c4e71
  • Tags 0.2

Comments (0)

Files changed (6)

File SpringSecurityTaobaoGrailsPlugin.groovy

 
 import org.codehaus.groovy.grails.plugins.springsecurity.SecurityFilterPosition
 import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils
+import org.springframework.security.core.session.SessionRegistryImpl
+import org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy
+import org.springframework.security.web.session.ConcurrentSessionFilter
 
-import com.mingidea.security.taobao.TaobaoAuthenticationProcessingFilter
-import com.mingidea.security.taobao.TaobaoAuthenticationProvider
-import com.mingidea.security.taobao.TaobaoAuthenticationUserDetailsService
+import com.mingidea.security.taobao.*
 
 class SpringSecurityTaobaoGrailsPlugin {
     // the plugin version
 
         SpringSecurityUtils.registerProvider 'taobaoAuthenticationProvider'
         SpringSecurityUtils.registerFilter 'taobaoAuthenticationFilter', SecurityFilterPosition.OPENID_FILTER
-
+        SpringSecurityUtils.registerFilter 'concurrencySessionFilter', SecurityFilterPosition.CONCURRENT_SESSION_FILTER
 
         taobaoAuthenticationProvider(TaobaoAuthenticationProvider) {
             appSecretMap = conf.taobao.appSecretMap
         taobaoAuthenticationUserDetailsService(TaobaoAuthenticationUserDetailsService) {
             grailsApplication = ref('grailsApplication')
         }
+        
+        sessionAuthenticationStrategy(ConcurrentSessionControlStrategy, ref('sessionRegistry')) {
+            maximumSessions = conf.maxConcurrentSessions //default is -1 for unlimited sessions
+        }
+        
+        concurrencySessionFilter(ConcurrentSessionFilter) {
+            sessionRegistry = ref('sessionRegistry')
+        }
+        
+        sessionRegistry(SessionRegistryImpl)
     }
 
     def doWithApplicationContext = { applicationContext ->

File grails-app/conf/Config.groovy

     //
     
     root {
-        info 'stdout', 'file'
+        debug 'stdout'
     }
     appenders {
         console name:'stdout', layout:pattern(conversionPattern: '%c{2} %m%n')
 }
 
 
-// Added by the Spring Security Core plugin:
+// Added by the Spring Security Core plugin:
+grails.plugins.springsecurity.useHttpSessionEventPublisher = true 
 grails.plugins.springsecurity.userLookup.userDomainClassName = 'test.User'
 grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'test.UserRole'
 grails.plugins.springsecurity.authority.className = 'test.Role'
 grails.plugins.springsecurity.taobao.accountDomainClassName = 'test.TaobaoAccount'
-grails.plugins.springsecurity.taobao.appSecretMap = ['12260155' : '1ccf5dc3f6771ab20e37f8506d14ad68']
+//test_app_1的appkey 和 appscert
+grails.plugins.springsecurity.taobao.appSecretMap = ['12264981' : '4aaaabc0a7057c3fd36b8de889d4aa65']
 
 grails.plugins.springsecurity.securityConfigType = SecurityConfigType.InterceptUrlMap
 grails.plugins.springsecurity.interceptUrlMap = [

File grails-app/conf/DefaultTaobaoSecurityConfig.groovy

 security {
+    maxConcurrentSessions = -1
     taobao {
         //appKey -> appSecret
         appSecretMap = [:]

File grails-app/controllers/test/TestController.groovy

 package test
 
+import grails.converters.JSON
+
+import com.mingidea.security.taobao.util.ExSpringSecurityUtils
+
 class TestController {
 
-    def index = { render params}
+    def index = { render params}
+    
+    def testGetAllLoggedInUsers = {
+        render ExSpringSecurityUtils.getAllPrincipals() as JSON
+    }
 }

File lib/spring-security-taobao-0.1.jar

Binary file modified.

File src/groovy/com/mingidea/security/taobao/util/ExSpringSecurityUtils.groovy

+package com.mingidea.security.taobao.util
+
+import org.codehaus.groovy.grails.commons.ApplicationHolder
+import org.springframework.context.ApplicationContext
+import org.springframework.security.core.session.SessionRegistry
+
+/**
+ * 扩展SpringSecurityUtils的功能
+ * @return
+ */
+class ExSpringSecurityUtils {
+    /**
+     * 注意:必须启用<a href="http://bit.ly/jLdsEx">HttpSessionEventPublisher</a>
+     * 否则无法注销过期的Session,配置Spring Security Grails Plugin的useHttpSessionEventPublisher=true既可
+     * @return
+     */
+    static List getAllPrincipals() {
+        ApplicationContext appContext = ApplicationHolder.application.mainContext
+        SessionRegistry sessionRegistry = appContext.getBean('sessionRegistry')
+        return sessionRegistry.getAllPrincipals()
+    }
+}