Array of online UserDetails

**SterligovAK** · Jun 7th, 2008, 10:13 AM

When I'm trying to get all online users from SessionRegistry with

Code:

sessionRegistry.getAllPrincipals()

I get an array of strings.
But I'm using my user-service with my own class implementing UserDetailsService.

I want to get array of UserDetails, but not Strings from sessionRegistry.getAllPrincipals().

My configuration is very simple:

Code:

<security:http auto-config="true">
    	<security:intercept-url pattern="/Game/**" access="ROLE_CHARACTER" />
    	<security:intercept-url pattern="/Game/login.htm*" filters="none" />  
    	<security:intercept-url pattern="/Game/registration.htm*" filters="none"/>
		<security:form-login login-page="/Game/login.htm" default-target-url="/Game/game.htm" authentication-failure-url="/Game/login.htm?login_error=1"/>
        <security:logout logout-url="/Game/logout.htm" logout-success-url="/Game/login.htm"/>
        <security:concurrent-session-control session-registry-alias="sessionRegister" max-sessions="1" exception-if-maximum-exceeded="true" />
  	</security:http>
  	
	<security:authentication-provider user-service-ref="mwUserDetailsService">
		<security:password-encoder hash="plaintext"/>
	</security:authentication-provider>

 	<bean id="mwUserDetailsService" class="ru.mirrorworlds.util.SecurityManager" />

Maybe someone has solution for this?

PS Sorry for my english

**dreampeppers99** · Jun 7th, 2008, 08:06 PM

the "solution" of this I want to see too

**Luke Taylor** · Jun 8th, 2008, 07:59 AM

You'd have to modify SessionRegistry to use the UserDetails as the key for storing a principal's sessions, rather than the name. Or you could configure a UserCache which would allow you to access the information via the username, without having to reload the data.

**SterligovAK** · Jun 9th, 2008, 06:04 AM

I solved this problem by totally implementing ConcurrentSessionController, sessionRegister (i need it a little bit different) and SessionRegistryUtils. In SessionRegistryUtils I've just modifiend this strings:

Code:

       //if (auth.getPrincipal() instanceof UserDetails) {
       //    return ( (UserDetails)auth.getPrincipal() ).getUsername();
       //} else {
           return auth.getPrincipal();
       //}

Don't forget to implement toString in your UserDetails class.
I've set my ConcurrentSessionController by session-controller-ref

Code:

<security:authentication-manager alias="authenticationManager" session-controller-ref="mwSessionController"/>

don't forget to use spring-security-2.0.2

After creating this i found problem with session-fixation-protection i've posted it in another thread.

**memento** · Aug 21st, 2008, 07:37 AM

Originally Posted by SterligovAK

I've set my ConcurrentSessionController by session-controller-ref

Code:

<security:authentication-manager alias="authenticationManager" session-controller-ref="mwSessionController"/>

don't forget to use spring-security-2.0.2

Can anyone provide a working solution for this under spring-security-2.0.3.

The authentication-manager tag only allows the alias attribute.
So how can I wire my own ConcurrentSessionController implementation to the authentication manager?

Thanks in advance for a solution!

**Luke Taylor** · Aug 21st, 2008, 07:46 AM

The session-controller-ref attribute should be supported in 2.0.3.

**memento** · Aug 21st, 2008, 07:54 AM

Luke,

thank you for this hint. I had defined the wrong schemaLocation in my app-security.xml (was 2.0 instead of 2.0.2).

memento

Thread: Array of online UserDetails

Thread Tools

Display

Array of online UserDetails

Tags for this Thread

Posting Permissions