将旧应用程序(grails 1.3.7)升级到最新的grails版本3.1.3后,sessionRegistry保持为空。春季安全有一些变化,我试图得到它的工作,但它看起来像缺少一些东西...我使用的是spring-security-web-4.0.3.RELEASE.jar升级到Grails 3后,sessionRegistry为空,但验证正在工作
我可以通过春季安全认证,看起来一切正常。但我喜欢计算公开会议。我使用sessionRegistry.getAllPrincipals()来查找打开的会话,但现在它总是空的。
在resources.groovy:
import com.myApp.LicenceCheck
import org.springframework.security.core.session.SessionRegistryImpl
import org.springframework.security.web.session.ConcurrentSessionFilter
import org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
beans = {
sessionRegistry(SessionRegistryImpl)
sessionAuthenticationStrategy(ConcurrentSessionControlAuthenticationStrategy){
it.constructorArgs = [sessionRegistry]
maximumSessions = -1
}
concurrentSessionFilter(ConcurrentSessionFilter){
it.constructorArgs = [sessionRegistry,'/login/concurrentSession'];
}
licenceCheck(LicenceCheck)
}
BootStrap.groovy中:
SpringSecurityUtils.clientRegisterFilter('concurrentSessionFilter', SecurityFilterPosition.CONCURRENT_SESSION_FILTER)
配置在application.groovy:
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.basic.realmName='myApp'
grails.plugin.springsecurity.successHandler.defaultTargetUrl='/search/'
grails.plugin.springsecurity.password.algorithm='MD5'
grails.plugin.springsecurity.password.hash.iterations = 1
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.myApp.Account'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.myApp.AccountAccountGroup'
grails.plugin.springsecurity.authority.className = 'com.myApp.AccountGroup'
grails.plugin.springsecurity.authority.nameField = 'role'
grails.plugin.springsecurity.useSecurityEventListener = true
grails.plugin.springsecurity.useSessionFixationPrevention = false
grails.plugin.springsecurity.rejectIfNoRule = false
grails.plugin.springsecurity.fii.rejectPublicInvocations = false
grails.plugin.springsecurity.auth.loginFormUrl = '/login/auth'
grails.plugin.springsecurity.apf.storeLastUsername=true
grails.plugin.springsecurity.filterChain.filterNames = [
'securityContextPersistenceFilter', 'logoutFilter',
'authenticationProcessingFilter', 'concurrentSessionFilter',
'rememberMeAuthenticationFilter', 'anonymousAuthenticationFilter',
'exceptionTranslationFilter', 'filterInvocationInterceptor'
]
全成验证我想算后公开课:
import org.springframework.context.ApplicationListener
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent
import grails.util.Holders
class LicenceCheck implements ApplicationListener<InteractiveAuthenticationSuccessEvent> {
void onApplicationEvent(InteractiveAuthenticationSuccessEvent event) {
def sessionRegistry = Holders.grailsApplication.mainContext.getBean('sessionRegistry')
sessionRegistry.getAllPrincipals() <= list is always empty
}
}
这是在以前的版本(与非常老的grails)工作。现在身份验证正在工作,但sessionRegistry保持空白。任何想法我失踪?
Regards,grailsfan