1.修改web.xml,需要在web.xml描述文件中配置中使得o.s.s.web.session.HttpSessionEventPublisher生效,这样servelt容器将会通知Spring Security session生命周期的事件(通过HttpSessionEventPublisher)
<listener> <listener-class> org.springframework.web.context.ContextLoaderListener </listener-class> </listener> <listener> <listener-class> org.springframework.security.web.session.HttpSessionEventPublisher </listener-class> </listener>
2.修改spring-security.xml,借助于使用session注册跟踪(通过session并发控制),实现显示系统中当前活跃用户的数量。
<s:http use-expressions="true" disable-url-rewriting="true" auto-config="true"> <s:session-management invalid-session-url="/timeout"> <s:concurrency-control max-sessions="1" error-if-maximum-exceeded="false" session-registry-ref="sessionRegistry"/> </s:session-management> </s:http> <bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
3.登录过滤器修改,登录验证通过后向sessionRegistry中添加在线session
sessionRegistry.registerNewSession(token, bean);
4.在controller中调用,获取sessionRegistry中存储的用户信息
List<Object> objlist = sessionRegistry.getAllPrincipals();