tags:

views:

28

answers:

1
Q: 

How do I get the Spring Security SessionRegistry?

I can't seem to find how to get a reference to the Spring Security (V3) SessionRegistry inside of a struts action.

I've configured the listener inside of my web.xml file:

    <listener>
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>

And I've tried to use the @Autowired annotation to bring it into an action:

@Autowired
private SessionRegistry sessionRegistry;

@Override
public String execute() throws Exception {
    numberOfUsersLoggedin= sessionRegistry.getAllPrincipals().size();
    return SUCCESS;

}


public SessionRegistry getSessionRegistry() {
    return sessionRegistry;
}

public void setSessionRegistry(SessionRegistry sessionRegistry) {
    this.sessionRegistry = sessionRegistry;
}

The http configuration looks like this:

    <session-management invalid-session-url="/public/login.do?login_error=expired"
        session-authentication-error-url="/public/login.do" 
        session-fixation-protection="newSession">
        <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
    </session-management>

Generally I am more comfortable wiring the spring bean myself, buy not sure how this is exposed using the namespace. Each time the action executes, the session registry is null.

Can anyone point out what I am doing wrong here, or show me the way to an example?

Thanks in advance for any/all replies!

A: 

Not sure if you have referred to Session Management section in Spring Security reference documentation. It has a snippet combining namespace and custom beans.

Raghuram  2010-10-08 05:06:32
@Raghuram -- thanks for the link. I added the sessionRegistry bean to my Spring configuration, and it's no longer null in the Struts action. However, when I try to get the # of logged in users (while logged in) the value of sessionRegistry.getAllPrincipals().size(); is always 0. Am I reading the docs right? It seems like if I am using a custom login form (which I am -- authenticating against LDAP) I cannot use the namespace/auto config session management I have specified above. It seems like I have to manually configure all the session-management and concurrency-control manually?
Griff  2010-10-08 17:02:25
Looking at the on-line docs, I can't seem to figure out what the name of my authentication provider is for the myAuthFilter. I am using the namespace <authentication-manager> which doesn't provide a bean id...<authentication-manager> <authentication-provider ref='ldapProvider' /></authentication-manager>
Griff  2010-10-08 18:38:41

related questions

What is typically the length of your optimal coding session?
What's the most current, good practice, and easiest way to use sessions in PHP?
What can cause an ASP.NET worker process to be recycled?
How do I explicitly set asp.net sessions to ONLY expire on closing the browser or explicit logou?
session variable mixup in ASP.NET?
In Classic asp, can I store a database connection in the Session object?
What are the advantages and disadvantages of the Session Façade Core J2EE Pattern?
Different values of GetHashCode for inproc and stateserver session variables
Best way for allowing subdomain session cookies using Tomcat
Is there a way to specify a different session store with Tomcat?
PHP: $_SESSION - What are the pros and cons of storing temporarily used data in the $_SESSION variable
What is the best way to handle sessions for a PHP site on multiple hosts?
How much data can/should you store in a users session object?
ASP.Net Session_Start event not firing
Logging image downloads
ASP.Net: If I have the Session ID, Can I get the Session object?
Secure session cookies in ASP.NET over HTTPS
Django Sessions
Can I put an ASP.Net session ID in a hidden form field?
Always including the user in the django template context
Rails - recovering database from Production.log
Most efficient way to get data from the database to session
What is the best way to prevent session hijacking?
FOSS ASP.Net Session Replication Solution?
How do I best detect an ASP.NET expired session?