[英]Manage user logged in sessions in Spring MVC + AngularJS
I was making an application with Spring which is providing the backend with the REST Api's and Angular managing the views part of the Application. 我使用Spring制作了一个应用程序,该应用程序为后端提供了REST Api和Angular来管理应用程序的视图部分。 I had a couple of questions.
我有几个问题。
I was thinking of maintaining a sessions in the app so that I can track the logged in Users and also know when they logout and other things. 我当时正在考虑在应用程序中维护会话,以便可以跟踪已登录的用户,还可以知道他们何时注销以及其他情况。 Moreover the Api's should be authenticated using token.
此外,应该使用令牌对Api进行身份验证。
My setup is Spring + Angular and PostgreSQL for Database and Hibernate as ORM. 我的设置是用于数据库的Spring + Angular和PostgreSQL,以及作为ORM的Hibernate。
Take a look into Spring security framework: 看一下Spring安全框架:
Then, in your code, do something like this: 然后,在您的代码中,执行以下操作:
import org.springframework.context.ApplicationListener;
@Component
public class myLoginListener implements ApplicationListener<ApplicationEvent> {
public void onApplicationEvent(ApplicationEvent appEvent)
{
if (appEvent instanceof AuthenticationSuccessEvent)
{
AuthenticationSuccessEvent event = (AuthenticationSuccessEvent) appEvent;
UserDetails userDetails = (UserDetails) event.getAuthentication().getPrincipal();
//track the logged in Users here ....
}
}
2.To track logout - write a listener by implementing HttpSessionListener and use Spring Security as below.. 2.要跟踪注销 -通过实现HttpSessionListener编写侦听器并使用Spring Security ,如下所示。
sessionDestroyed() will be called just before the session is going to destroyed. sessionDestroyed()将在会话即将销毁之前被调用。
@Component
public class mySessionListener implements javax.servlet.http.HttpSessionListener{
@Override
public void sessionDestroyed(HttpSessionEvent se) {
HttpSession session = se.getSession();
SecurityContextImpl springSecurityContext = (SecurityContextImpl)session.getAttribute("SPRING_SECURITY_CONTEXT");
if(springSecurityContext!=null){
Authentication authentication = springSecurityContext.getAuthentication();
LdapUserDetails userDetails = (LdapUserDetailsImpl)authentication.getPrincipal();
//track user logout here
}
...
You can refer this tutorial - Secure AnugularJS applications with spring security 您可以参考本教程- 具有Spring Security的安全AnugularJS应用程序
and this tutorial from the official site . 以及本教程来自官方网站 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.