I am creating a grails application that has the spring -security-core 1.2.7.3 plugin as well as the spring -security-ui 0.2 plugin and would like to get a list of ALL users who are currently logged in (i.e. has the currently active session). Users can log in either through the login controller (daoAuthenticationProvider) or automatically through the rememberMe cookie. I executed the code below using ConcurrentSessionControlStrategy to create sessionRegistry:
in / conf / spring / resources.groovy:
import org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy import org.springframework.security.web.session.ConcurrentSessionFilter import org.springframework.security.core.session.SessionRegistryImpl import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy beans = { userDetailsService(lablore.MyUserDetailsService) sessionRegistry(SessionRegistryImpl) sessionAuthenticationStrategy(ConcurrentSessionControlStrategy, sessionRegistry) { maximumSessions = -1 } concurrentSessionFilter(ConcurrentSessionFilter){ sessionRegistry = sessionRegistry expiredUrl = '/login/concurrentSession' } }
In / plugins / spring -security-core / conf / DefaultSecurityConfig.groovy
useHttpSessionEventPublisher = true
In the controller:
controller{ def sessionRegistry action(){ def loggedInUsers = sessionRegistry.getAllPrincipals() } }
This works well for - users who log in to the login page - users logging out through the "log out" link - users whose expiration is HOWEVER, it does NOT work for users who are automatically authenticated using the rememberMe cookie. He does not see that they have a new session. If I understand correctly, this is due to the fact that RememberMeAuthenticationFilter is "further up" in the filter chain compared to the ConcurrentSessionFilter that works with SessionRegistry? Or, I messed up something with my configurations ....
Any help on how to make this work would be great!
Thanks!!
authentication spring-security cookies grails
user3311685
source share