我无法获取在线用户列表是 spring security答案

【问题标题】：I can't get a list of online users is spring security我无法获取在线用户列表是 spring security
【发布时间】：2017-12-19 00:11:18
【问题描述】：

我无法获取在线用户列表。

@Override
public void configure(HttpSecurity http) throws Exception {
    http
        .httpBasic()
            .realmName("GlxssSecurity")
            .and()
        .requestMatchers()
            .antMatchers("/oauth/authorize")
            .and()
        .authorizeRequests()
            .antMatchers("/oauth/authorize").authenticated()
            .and()
        .sessionManagement()
            .maximumSessions(1)
            .sessionRegistry(sessionRegistry());
}

@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
}

@Bean
public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
    return new SecurityEvaluationContextExtension();
}

@Bean
public SessionRegistry sessionRegistry () {
    return new SessionRegistryImpl();
}

@Bean
public ServletListenerRegistrationBean<HttpSessionEventPublisher> httpSessionEventPublisher() {
    return new ServletListenerRegistrationBean<HttpSessionEventPublisher>(new HttpSessionEventPublisher());
}

@Autowired
private  SessionRegistry sessionRegistry;

public List getAdminUsers(){
    List<Object> list = sessionRegistry.getAllPrincipals();
    log.info(list.toString());
    return list;
}

【问题讨论】：

请添加您的 SessionRegistryImpl 类
你得到了什么？ list 的值是多少？
stackoverflow.com/questions/11271449/…

标签： spring spring-boot spring-security

【解决方案1】：

@Bean
public HandshakeInterceptor handsUserInterceptor() {

    return new HandshakeInterceptor() {
        @Override
        public boolean beforeHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Map<String, Object> map) throws Exception {
            if (request instanceof ServletServerHttpRequest) {
                ServletServerHttpRequest servletRequest = (ServletServerHttpRequest) request;
                Principal principal = request.getPrincipal();
                User user= userService.getUserWithAuthoritiesByLogin(principal.getName()).get();
                for (Authority authority : user.getAuthorities()) {
                    if ("ROLE_ADMIN".equals(authority.getName())){
                        SecurityUtils.getLoginAdminUsers().add(user);
                        break;
                    }
                }
            }
            return true;
        }

        @Override
        public void afterHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Exception exception) {

        }
    };
}

我是这样解决的，但他不太符合规范。

【讨论】：