Java Code Examples for org.springframework.security.core.session.SessionInformation#expireNow()

The following examples show how to use org.springframework.security.core.session.SessionInformation#expireNow() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: UserOnlineResource.java    From albedo with GNU Lesser General Public License v3.0 6 votes vote down vote up
@PreAuthorize("@pms.hasPermission('sys_userOnline_logout')")
@Log(value = "在线用户强退")
@PutMapping("/batch-force-logout")
public Result batchForceLogout(@RequestBody Set<String> ids, HttpServletRequest request) {
	for (String id : ids) {
		UserOnline online = userOnlineService.getById(id);
		if (online == null) {
			return Result.buildFail("用户已下线");
		}
		SessionInformation sessionInformation = sessionRegistry.getSessionInformation(online.getSessionId());
		if (sessionInformation != null) {
			if (sessionInformation.getSessionId().equals(request.getSession(false).getId())) {
				return Result.buildFail("当前登陆用户无法强退");
			}
			sessionInformation.expireNow();
			redisTemplate.boundHashOps(RedisSessionRegistry.SESSIONIDS).put(online.getSessionId(), sessionInformation);
		}
		online.setStatus(OnlineStatus.off_line);
		userOnlineService.updateById(online);
	}
	return Result.buildOk("操作成功");
}
 
Example 2
Source File: UserOnlineResource.java    From albedo with GNU Lesser General Public License v3.0 6 votes vote down vote up
@PreAuthorize("@pms.hasPermission('sys_userOnline_del')")
@Log(value = "在线用户删除")
@DeleteMapping
public Result remove(@RequestBody Set<String> ids, HttpServletRequest request) {
	for (String id : ids) {
		UserOnline online = userOnlineService.getById(id);
		if (online == null) {
			return Result.buildFail("用户已下线");
		}
		try {
			SessionInformation sessionInformation = sessionRegistry.getSessionInformation(online.getSessionId());
			if (sessionInformation != null) {
				if (sessionInformation.getSessionId().equals(request.getSession(false).getId())) {
					return Result.buildFail("当前登陆用户无法删除");
				}
				sessionInformation.expireNow();
				redisTemplate.boundHashOps(RedisSessionRegistry.SESSIONIDS).put(online.getSessionId(), sessionInformation);
			}
		} catch (Exception e) {
		}
		sessionRegistry.removeSessionInformation(online.getSessionId());
		userOnlineService.removeById(online);
	}
	return Result.buildOk("操作成功");
}
 
Example 3
Source File: SpringSessionBackedSessionRegistryTest.java    From spring-session with Apache License 2.0 6 votes vote down vote up
@Test
void expireNow() {
	Session session = createSession(SESSION_ID, USER_NAME, NOW);
	when(this.sessionRepository.findById(SESSION_ID)).thenReturn(session);

	SessionInformation sessionInfo = this.sessionRegistry.getSessionInformation(SESSION_ID);
	assertThat(sessionInfo.isExpired()).isFalse();

	sessionInfo.expireNow();

	assertThat(sessionInfo.isExpired()).isTrue();
	ArgumentCaptor<Session> captor = ArgumentCaptor.forClass(Session.class);
	verify(this.sessionRepository).save(captor.capture());
	assertThat(captor.getValue().<Boolean>getAttribute(SpringSessionBackedSessionInformation.EXPIRED_ATTR))
			.isEqualTo(Boolean.TRUE);
}
 
Example 4
Source File: SessionController.java    From cola with MIT License 5 votes vote down vote up
@PostMapping("/revoke")
public ResponseEntity<String> revoke(Principal principal) {
	sessionRegistry.getAllPrincipals();
	List<SessionInformation> sessionInformations = sessionRegistry
			.getAllSessions(principal, false);
	for (SessionInformation sessionInformation : sessionInformations) {
		sessionInformation.expireNow();

		sessionRegistry.removeSessionInformation(sessionInformation
				.getSessionId());

	}
	return ResponseEntity.ok().build();
}
 
Example 5
Source File: LogoutHandlerConfig.java    From base-admin with MIT License 5 votes vote down vote up
@Override
public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
    //剔除退出用户
    Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    if (principal !=null){
        List<SessionInformation> allSessions = sessionRegistry.getAllSessions(principal, false);
        if (allSessions != null) {
            for (SessionInformation sessionInformation : allSessions) {
                sessionInformation.expireNow();
                sessionRegistry.removeSessionInformation(sessionInformation.getSessionId());
            }
        }
    }
}
 
Example 6
Source File: LoginController.java    From blog-sample with Apache License 2.0 5 votes vote down vote up
@GetMapping("/kick")
@ResponseBody
public String removeUserSessionByUsername(@RequestParam String username) {
    int count = 0;

    // 获取session中所有的用户信息
    List<Object> users = sessionRegistry.getAllPrincipals();
    for (Object principal : users) {
        if (principal instanceof User) {
            String principalName = ((User) principal).getUsername();
            if (principalName.equals(username)) {
                /*
                 * 获取指定用户所有的 session 信息
                 * 参数二:是否包含过期的Session
                 */
                List<SessionInformation> sessionsInfo = sessionRegistry.getAllSessions(principal, false);
                if (null != sessionsInfo && sessionsInfo.size() > 0) {
                    for (SessionInformation sessionInformation : sessionsInfo) {
                        sessionInformation.expireNow();
                        count++;
                    }
                }
            }
        }
    }
    return "操作成功,清理session共" + count + "个";
}
 
Example 7
Source File: LoginController.java    From blog-sample with Apache License 2.0 5 votes vote down vote up
@GetMapping("/kick")
@ResponseBody
public String removeUserSessionByUsername(@RequestParam String username) {
    int count = 0;

    // 获取session中所有的用户信息
    List<Object> users = sessionRegistry.getAllPrincipals();
    for (Object principal : users) {
        if (principal instanceof User) {
            String principalName = ((User) principal).getUsername();
            if (principalName.equals(username)) {
                /*
                 * 获取指定用户所有的 session 信息
                 * 参数二:是否包含过期的Session
                 */
                List<SessionInformation> sessionsInfo = sessionRegistry.getAllSessions(principal, false);
                if (null != sessionsInfo && sessionsInfo.size() > 0) {
                    for (SessionInformation sessionInformation : sessionsInfo) {
                        sessionInformation.expireNow();
                        count++;
                    }
                }
            }
        }
    }
    return "操作成功,清理session共" + count + "个";
}
 
Example 8
Source File: ApiController.java    From blog-sample with Apache License 2.0 5 votes vote down vote up
/**
 * 踢出指定用户
 * todo: 还需要清理持久化表,不然无法踢出自动登陆用户,我就不做了
 */
@PostMapping("/kick")
public ResultMap removeUserSessionByUsername(String username) {
    int count = 0;

    // 获取session中所有的用户信息
    List<Object> users = sessionRegistry.getAllPrincipals();
    for (Object principal : users) {
        if (principal instanceof User) {
            String principalName = ((User) principal).getUsername();
            if (principalName.equals(username)) {
                /*
                 * 获取指定用户所有的 session 信息
                 * 参数二:是否包含过期的Session
                 */
                List<SessionInformation> sessionsInfo = sessionRegistry.getAllSessions(principal, false);
                if (null != sessionsInfo && sessionsInfo.size() > 0) {
                    for (SessionInformation sessionInformation : sessionsInfo) {
                        sessionInformation.expireNow();
                        count++;
                    }
                }
            }
        }
    }

    return new ResultMap(getClass() + ":removeUserSessionByUsername()", "操作成功,清理session共" + count + "个");
}
 
Example 9
Source File: ApiController.java    From blog-sample with Apache License 2.0 5 votes vote down vote up
/**
 * 踢出指定用户
 * todo: 还需要清理持久化表,不然无法踢出自动登陆用户,我就不做了
 */
@PostMapping("/kick")
public ResultMap removeUserSessionByUsername(String username) {
    int count = 0;

    // 获取session中所有的用户信息
    List<Object> users = sessionRegistry.getAllPrincipals();
    for (Object principal : users) {
        if (principal instanceof User) {
            String principalName = ((User) principal).getUsername();
            if (principalName.equals(username)) {
                /*
                 * 获取指定用户所有的 session 信息
                 * 参数二:是否包含过期的Session
                 */
                List<SessionInformation> sessionsInfo = sessionRegistry.getAllSessions(principal, false);
                if (null != sessionsInfo && sessionsInfo.size() > 0) {
                    for (SessionInformation sessionInformation : sessionsInfo) {
                        sessionInformation.expireNow();
                        count++;
                    }
                }
            }
        }
    }

    return new ResultMap(getClass() + ":removeUserSessionByUsername()", "操作成功,清理session共" + count + "个");
}
 
Example 10
Source File: UserSessionController.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
@DeleteMapping(value="/user/sessions/{sessionId}")
public String removeSession(@PathVariable String sessionId, RedirectAttributes redirectAttrs) {
    SessionInformation sessionInformation = sessionRegistry.getSessionInformation(sessionId);
    if(sessionInformation != null) {
        sessionInformation.expireNow();
    }
    redirectAttrs.addFlashAttribute("message", "Session was removed");
    return "redirect:/user/sessions/";
}
 
Example 11
Source File: UserSessionController.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
@RequestMapping(value="/user/sessions/{sessionId}", method = RequestMethod.DELETE)
public String removeSession(@PathVariable String sessionId, RedirectAttributes redirectAttrs) {
    SessionInformation sessionInformation = sessionRegistry.getSessionInformation(sessionId);
    if(sessionInformation != null) {
        sessionInformation.expireNow();
    }
    redirectAttrs.addFlashAttribute("message", "Session was removed");
    return "redirect:/user/sessions/";
}
 
Example 12
Source File: UserSessionController.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
@DeleteMapping(value="/user/sessions/{sessionId}")
public String removeSession(@PathVariable String sessionId, RedirectAttributes redirectAttrs) {
    SessionInformation sessionInformation = sessionRegistry.getSessionInformation(sessionId);
    if(sessionInformation != null) {
        sessionInformation.expireNow();
    }
    redirectAttrs.addFlashAttribute("message", "Session was removed");
    return "redirect:/user/sessions/";
}
 
Example 13
Source File: UserSessionController.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
@DeleteMapping(value="/user/sessions/{sessionId}")
public String removeSession(@PathVariable String sessionId, RedirectAttributes redirectAttrs) {
    SessionInformation sessionInformation = sessionRegistry.getSessionInformation(sessionId);
    if(sessionInformation != null) {
        sessionInformation.expireNow();
    }
    redirectAttrs.addFlashAttribute("message", "Session was removed");
    return "redirect:/user/sessions/";
}
 
Example 14
Source File: UserSessionController.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
@RequestMapping(value="/user/sessions/{sessionId}", method = RequestMethod.DELETE)
public String removeSession(@PathVariable String sessionId, RedirectAttributes redirectAttrs) {
    SessionInformation sessionInformation = sessionRegistry.getSessionInformation(sessionId);
    if(sessionInformation != null) {
        sessionInformation.expireNow();
    }
    redirectAttrs.addFlashAttribute("message", "Session was removed");
    return "redirect:/user/sessions/";
}
 
Example 15
Source File: UserSessionController.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
@DeleteMapping(value="/user/sessions/{sessionId}")
public String removeSession(@PathVariable String sessionId, RedirectAttributes redirectAttrs) {
    SessionInformation sessionInformation = sessionRegistry.getSessionInformation(sessionId);
    if(sessionInformation != null) {
        sessionInformation.expireNow();
    }
    redirectAttrs.addFlashAttribute("message", "Session was removed");
    return "redirect:/user/sessions/";
}