其中文章
package org.exam.security;
import org.exam.config.Constants;
import org.exam.domain.doc.SessionInfo;
import org.exam.repository.mongo.MongoSessionInfoRepo;
import org.springframework.context.ApplicationListener;
import org.springframework.data.mongodb.core.MongoTemplate;
import org.springframework.security.core.session.SessionDestroyedEvent;
import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.userdetails.UserDetails;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
public class SessionRegistryImpl implements SessionRegistry, ApplicationListener<SessionDestroyedEvent> {
private final MongoSessionInfoRepo mongoSessionInfoRepo;
private final MongoTemplate mongoTemplate;
private static final String C_SESSION_INFO = Constants.TABLE_PREFIX + "session_info";
public SessionRegistryImpl(MongoSessionInfoRepo mongoSessionInfoRepo, MongoTemplate mongoTemplate) {
this.mongoSessionInfoRepo = mongoSessionInfoRepo;
this.mongoTemplate = mongoTemplate;
}
private String getUid(Object principal) {
return (principal instanceof UserDetails) ? ((UserDetails) principal).getUsername() : principal.toString();
}
@SuppressWarnings("unchecked")
@Override
public List<Object> getAllPrincipals() {
return mongoTemplate.getCollection(C_SESSION_INFO).distinct("uid");
}
@Override
public List<SessionInformation> getAllSessions(Object principal, boolean includeExpiredSessions) {
String uid = getUid(principal);
Iterable<SessionInfo> list = includeExpiredSessions ? mongoSessionInfoRepo.findByUid(uid) : mongoSessionInfoRepo.findByUidAndExpired(uid, false);
List<SessionInformation> result = new ArrayList<>();
for (SessionInfo info : list) {
result.add(new SessionInformation(info.getUid(), info.getSid(), info.getLastRequest()));
}
return result;
}
@Override
public SessionInformation getSessionInformation(String sessionId) {
SessionInfo info = mongoSessionInfoRepo.findBySid(sessionId);
if (info != null) {
SessionInformation information = new SessionInformation(info.getUid(), info.getSid(), info.getLastRequest());
if (info.isExpired()) {
information.expireNow();
}
return information;
} else {
return null;
}
}
@Override
public void refreshLastRequest(String sessionId) {
SessionInfo info = mongoSessionInfoRepo.findBySid(sessionId);
info.setLastRequest(new Date());
mongoSessionInfoRepo.save(info);
}
@Override
public void registerNewSession(String sessionId, Object principal) {
SessionInfo info = new SessionInfo();
info.setSid(sessionId);
info.setUid(getUid(principal));
info.setLastRequest(new Date());
info.setExpired(false);
mongoSessionInfoRepo.save(info);
}
@Override
public void removeSessionInformation(String sessionId) {
mongoSessionInfoRepo.deleteBySid(sessionId);
}
@Override
public void onApplicationEvent(SessionDestroyedEvent event) {
removeSessionInformation(event.getId());
}
}@Document(collection = Constants.TABLE_PREFIX + "session_info")
public class SessionInfo implements Serializable {
//objectId
private String id;
//sessionId
private String sid;
//用户标识:比如登录只有用户名,那么用户名也可以作为用户标识
private String uid;
private Date lastRequest = new Date();
private boolean expired = false;
//setter,getter略
}@NoRepositoryBean
public interface MongoBaseRepo<T extends Serializable> extends PagingAndSortingRepository<T, String>, QueryDslPredicateExecutor<T> {
}public interface MongoSessionInfoRepo extends MongoBaseRepo<SessionInfo> {
SessionInfo findBySid(String sid);
List<SessionInfo> findByUid(String uid);
List<SessionInfo> findByUidAndExpired(String uid, boolean expired);
void deleteBySid(String sid);
}2.要查看用户session列表,直接使用mongoSessionInfoRepo去查就可以.
3.下线用户(踢出用户).只需要将过期设置true就可以,用户下次请求就会被登出.
@RequestMapping("logout")
public String logout(String sid) {
SessionInfo info = mongoSessionInfoRepo.findBySid(sid);
info.setExpired(true);
mongoSessionInfoRepo.save(info);
return "session/list";
}