下面列出了org.springframework.security.core.session.SessionInformation#expireNow ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
@PreAuthorize("@pms.hasPermission('sys_userOnline_logout')")
@Log(value = "在线用户强退")
@PutMapping("/batch-force-logout")
public Result batchForceLogout(@RequestBody Set<String> ids, HttpServletRequest request) {
for (String id : ids) {
UserOnline online = userOnlineService.getById(id);
if (online == null) {
return Result.buildFail("用户已下线");
}
SessionInformation sessionInformation = sessionRegistry.getSessionInformation(online.getSessionId());
if (sessionInformation != null) {
if (sessionInformation.getSessionId().equals(request.getSession(false).getId())) {
return Result.buildFail("当前登陆用户无法强退");
}
sessionInformation.expireNow();
redisTemplate.boundHashOps(RedisSessionRegistry.SESSIONIDS).put(online.getSessionId(), sessionInformation);
}
online.setStatus(OnlineStatus.off_line);
userOnlineService.updateById(online);
}
return Result.buildOk("操作成功");
}
@PreAuthorize("@pms.hasPermission('sys_userOnline_del')")
@Log(value = "在线用户删除")
@DeleteMapping
public Result remove(@RequestBody Set<String> ids, HttpServletRequest request) {
for (String id : ids) {
UserOnline online = userOnlineService.getById(id);
if (online == null) {
return Result.buildFail("用户已下线");
}
try {
SessionInformation sessionInformation = sessionRegistry.getSessionInformation(online.getSessionId());
if (sessionInformation != null) {
if (sessionInformation.getSessionId().equals(request.getSession(false).getId())) {
return Result.buildFail("当前登陆用户无法删除");
}
sessionInformation.expireNow();
redisTemplate.boundHashOps(RedisSessionRegistry.SESSIONIDS).put(online.getSessionId(), sessionInformation);
}
} catch (Exception e) {
}
sessionRegistry.removeSessionInformation(online.getSessionId());
userOnlineService.removeById(online);
}
return Result.buildOk("操作成功");
}
@Test
void expireNow() {
Session session = createSession(SESSION_ID, USER_NAME, NOW);
when(this.sessionRepository.findById(SESSION_ID)).thenReturn(session);
SessionInformation sessionInfo = this.sessionRegistry.getSessionInformation(SESSION_ID);
assertThat(sessionInfo.isExpired()).isFalse();
sessionInfo.expireNow();
assertThat(sessionInfo.isExpired()).isTrue();
ArgumentCaptor<Session> captor = ArgumentCaptor.forClass(Session.class);
verify(this.sessionRepository).save(captor.capture());
assertThat(captor.getValue().<Boolean>getAttribute(SpringSessionBackedSessionInformation.EXPIRED_ATTR))
.isEqualTo(Boolean.TRUE);
}
@PostMapping("/revoke")
public ResponseEntity<String> revoke(Principal principal) {
sessionRegistry.getAllPrincipals();
List<SessionInformation> sessionInformations = sessionRegistry
.getAllSessions(principal, false);
for (SessionInformation sessionInformation : sessionInformations) {
sessionInformation.expireNow();
sessionRegistry.removeSessionInformation(sessionInformation
.getSessionId());
}
return ResponseEntity.ok().build();
}
@Override
public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
//剔除退出用户
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
if (principal !=null){
List<SessionInformation> allSessions = sessionRegistry.getAllSessions(principal, false);
if (allSessions != null) {
for (SessionInformation sessionInformation : allSessions) {
sessionInformation.expireNow();
sessionRegistry.removeSessionInformation(sessionInformation.getSessionId());
}
}
}
}
@GetMapping("/kick")
@ResponseBody
public String removeUserSessionByUsername(@RequestParam String username) {
int count = 0;
// 获取session中所有的用户信息
List<Object> users = sessionRegistry.getAllPrincipals();
for (Object principal : users) {
if (principal instanceof User) {
String principalName = ((User) principal).getUsername();
if (principalName.equals(username)) {
/*
* 获取指定用户所有的 session 信息
* 参数二:是否包含过期的Session
*/
List<SessionInformation> sessionsInfo = sessionRegistry.getAllSessions(principal, false);
if (null != sessionsInfo && sessionsInfo.size() > 0) {
for (SessionInformation sessionInformation : sessionsInfo) {
sessionInformation.expireNow();
count++;
}
}
}
}
}
return "操作成功,清理session共" + count + "个";
}
@GetMapping("/kick")
@ResponseBody
public String removeUserSessionByUsername(@RequestParam String username) {
int count = 0;
// 获取session中所有的用户信息
List<Object> users = sessionRegistry.getAllPrincipals();
for (Object principal : users) {
if (principal instanceof User) {
String principalName = ((User) principal).getUsername();
if (principalName.equals(username)) {
/*
* 获取指定用户所有的 session 信息
* 参数二:是否包含过期的Session
*/
List<SessionInformation> sessionsInfo = sessionRegistry.getAllSessions(principal, false);
if (null != sessionsInfo && sessionsInfo.size() > 0) {
for (SessionInformation sessionInformation : sessionsInfo) {
sessionInformation.expireNow();
count++;
}
}
}
}
}
return "操作成功,清理session共" + count + "个";
}
/**
* 踢出指定用户
* todo: 还需要清理持久化表,不然无法踢出自动登陆用户,我就不做了
*/
@PostMapping("/kick")
public ResultMap removeUserSessionByUsername(String username) {
int count = 0;
// 获取session中所有的用户信息
List<Object> users = sessionRegistry.getAllPrincipals();
for (Object principal : users) {
if (principal instanceof User) {
String principalName = ((User) principal).getUsername();
if (principalName.equals(username)) {
/*
* 获取指定用户所有的 session 信息
* 参数二:是否包含过期的Session
*/
List<SessionInformation> sessionsInfo = sessionRegistry.getAllSessions(principal, false);
if (null != sessionsInfo && sessionsInfo.size() > 0) {
for (SessionInformation sessionInformation : sessionsInfo) {
sessionInformation.expireNow();
count++;
}
}
}
}
}
return new ResultMap(getClass() + ":removeUserSessionByUsername()", "操作成功,清理session共" + count + "个");
}
/**
* 踢出指定用户
* todo: 还需要清理持久化表,不然无法踢出自动登陆用户,我就不做了
*/
@PostMapping("/kick")
public ResultMap removeUserSessionByUsername(String username) {
int count = 0;
// 获取session中所有的用户信息
List<Object> users = sessionRegistry.getAllPrincipals();
for (Object principal : users) {
if (principal instanceof User) {
String principalName = ((User) principal).getUsername();
if (principalName.equals(username)) {
/*
* 获取指定用户所有的 session 信息
* 参数二:是否包含过期的Session
*/
List<SessionInformation> sessionsInfo = sessionRegistry.getAllSessions(principal, false);
if (null != sessionsInfo && sessionsInfo.size() > 0) {
for (SessionInformation sessionInformation : sessionsInfo) {
sessionInformation.expireNow();
count++;
}
}
}
}
}
return new ResultMap(getClass() + ":removeUserSessionByUsername()", "操作成功,清理session共" + count + "个");
}
@DeleteMapping(value="/user/sessions/{sessionId}")
public String removeSession(@PathVariable String sessionId, RedirectAttributes redirectAttrs) {
SessionInformation sessionInformation = sessionRegistry.getSessionInformation(sessionId);
if(sessionInformation != null) {
sessionInformation.expireNow();
}
redirectAttrs.addFlashAttribute("message", "Session was removed");
return "redirect:/user/sessions/";
}
@RequestMapping(value="/user/sessions/{sessionId}", method = RequestMethod.DELETE)
public String removeSession(@PathVariable String sessionId, RedirectAttributes redirectAttrs) {
SessionInformation sessionInformation = sessionRegistry.getSessionInformation(sessionId);
if(sessionInformation != null) {
sessionInformation.expireNow();
}
redirectAttrs.addFlashAttribute("message", "Session was removed");
return "redirect:/user/sessions/";
}
@DeleteMapping(value="/user/sessions/{sessionId}")
public String removeSession(@PathVariable String sessionId, RedirectAttributes redirectAttrs) {
SessionInformation sessionInformation = sessionRegistry.getSessionInformation(sessionId);
if(sessionInformation != null) {
sessionInformation.expireNow();
}
redirectAttrs.addFlashAttribute("message", "Session was removed");
return "redirect:/user/sessions/";
}
@DeleteMapping(value="/user/sessions/{sessionId}")
public String removeSession(@PathVariable String sessionId, RedirectAttributes redirectAttrs) {
SessionInformation sessionInformation = sessionRegistry.getSessionInformation(sessionId);
if(sessionInformation != null) {
sessionInformation.expireNow();
}
redirectAttrs.addFlashAttribute("message", "Session was removed");
return "redirect:/user/sessions/";
}
@RequestMapping(value="/user/sessions/{sessionId}", method = RequestMethod.DELETE)
public String removeSession(@PathVariable String sessionId, RedirectAttributes redirectAttrs) {
SessionInformation sessionInformation = sessionRegistry.getSessionInformation(sessionId);
if(sessionInformation != null) {
sessionInformation.expireNow();
}
redirectAttrs.addFlashAttribute("message", "Session was removed");
return "redirect:/user/sessions/";
}
@DeleteMapping(value="/user/sessions/{sessionId}")
public String removeSession(@PathVariable String sessionId, RedirectAttributes redirectAttrs) {
SessionInformation sessionInformation = sessionRegistry.getSessionInformation(sessionId);
if(sessionInformation != null) {
sessionInformation.expireNow();
}
redirectAttrs.addFlashAttribute("message", "Session was removed");
return "redirect:/user/sessions/";
}