spring security. Principals Session Inactive User Exception?

E

Evgeny Krasnov2020-10-20 19:36:38

Spring

Evgeny Krasnov, 2020-10-20 19:36:38

Greetings dear forum users.

Please tell me, here I am getting all active users at the moment

import org.springframework.security.core.userdetails.User;

@Service
public class ActiveUserService {

    @Autowired
    SessionRegistry sessionRegistry;


    public List<String > getAllActiveUser(){


        List<Object> principals = sessionRegistry.getAllPrincipals();
        User[] users = (User[]) principals.toArray(new User[0]);

        return Arrays.stream(users).filter(user -> !sessionRegistry.getAllSessions(user, false)
                .isEmpty()).map(User::getUsername).collect(Collectors.toList());

    }

}

but, if the user left the session, that is, left, then the system still shows him as active.

How to make it so that when you exit, the system stops showing it as active?

https://github.com/romanych2021/TestSession

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

E

Evgeny Krasnov, 2020-10-23
@Favorskij

In order to solve this problem, I needed to create only one class.

package com.testsession.service;

import org.springframework.security.web.session.HttpSessionEventPublisher;
import org.springframework.web.WebApplicationInitializer;

import javax.servlet.ServletContext;

public class MyWebAppInitializer implements WebApplicationInitializer {

    @Override
    public void onStartup(ServletContext container) {
        container.addListener(new HttpSessionEventPublisher());
    }
}

D

Dmitry Roo, 2020-10-20
@xez

Spring has a default session timeout of 30 minutes.
My hypothesis is that you just didn't wait 30 minutes.
The best way to make sure the user is logged out is to make a "logout" button that clears the session data.