手动注销其他用户
[英]Manually logout another user in grails
问题描述
In my application I need to programmatically logout a user, not the current one. 
在我的应用程序中,我需要以编程方式注销用户,而不是当前用户。 I was able to expire its session but this does not force a logout for that specific user. 我能够终止其会话,但这不会强制该特定用户注销。 So my question is, how can I force a logout on the user's next request? 所以我的问题是,如何强制注销用户的下一个请求? This is my code now: 现在是我的代码:
sessionRegistry.getAllPrincipals().each {
principal = it
sessionRegistry.getAllSessions(it, false).each {
if (principal.username == userSec.username) {
it.expireNow()
}
}
}
I have this in my resources.groovy: 我的资源中有这个。
sessionRegistry(SessionRegistryImpl)
sessionAuthenticationStrategy(ConcurrentSessionControlStrategy, sessionRegistry) {
maximumSessions = -1
}
concurrentSessionFilter(ConcurrentSessionFilter){
sessionRegistry = sessionRegistry
expiredUrl = '/login/concurrentSession'
}
1 个解决方案
解决方案1
1 已采纳 2015-01-08 15:15:48
Using the session mechanismus it is not possible. 使用会话机制是不可能的。 You have to use a storage medium where you can keep the users. 您必须使用可以保留用户的存储介质。 This medium can be either an in-RAM singleton, like ConcurrentHashMap instance, or a DB, depending on your clustering architecture. 该介质可以是RAM中的单例(例如ConcurrentHashMap实例),也可以是DB,具体取决于您的群集体系结构。
Then upon each call to springSecurityService.currentUser (eg in Spring Security core plugin), you have to check if the sessionRegistry contains that user, and if not, invalidate the session or the user 然后,在每次调用springSecurityService.currentUser (例如在Spring Security核心插件中),您必须检查sessionRegistry包含该用户,如果不包含该用户,则使该会话或该用户无效
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.