有没有办法从数据库中注销特定用户或所有用户?
[英]is there a way to logout a specific user or all users from database?
问题描述
I am using grails 2.2 with spring security. 
我正在使用带有弹簧安全性的grails 2.2。 I am using MYSql for database. 我正在使用MySQL数据库。 I am wondering whether there is a way to logout a user or all users by clearing data in mysql database. 我想知道是否有一种方法可以通过清除mysql数据库中的数据来注销用户或所有用户。
4 个解决方案
解决方案1
3 已采纳 2019-05-19 19:21:00
I am wondering whether there is a way to logout a user or all users by clearing data in mysql database.
There isn't. 没有。 The state that represents whether a user is logged in or not generally does not even exist in the database. 通常,数据库中甚至不存在表示用户是否已登录的状态。 In a simple system that information would live in memory in the web app. 在一个简单的系统中,信息将存储在Web应用程序的内存中。 In a more sophisticated system that information might live in a separate service that the app communicates with. 在更复杂的系统中,信息可能存在于与应用程序通信的单独服务中。 That information generally would not be stored in the database. 该信息通常不会存储在数据库中。
Note that storing credentials like user names, passwords and roles in the database is a separate thing than keeping track of who is logged in. 请注意,将凭据(如用户名,密码和角色)存储在数据库中是与跟踪谁登录无关的。
I hope that helps. 希望对您有所帮助。
解决方案2
1 2019-05-19 11:27:36
If you delete the data in your DB, the users will not be able to login the NEXT TIME. 如果删除数据库中的数据,则用户将无法登录NEXT TIME。
If any current sessions are open, the users will remain logged-in, and there's no out-of-box mechanism in Spring Security to end session of specific users. 如果打开了当前会话,则用户将保持登录状态,Spring Security中没有开箱即用的机制来结束特定用户的会话。
解决方案3
0 2019-05-19 11:36:12
如果安装JavaMelody (有时可以作为grails插件使用),则应该能够看到所有活动的会话,并且可以从界面中将其删除(这将导致所有用户注销)。
解决方案4
0 2019-05-20 21:12:21
You can't do exactly what you asked because the data is not stored in your application database, as JSB said. 正如JSB所说,您无法完全按照要求执行操作,因为数据没有存储在应用程序数据库中。
You can however inspect the sessions from your webapp and invalidate some of them, which will "logout" the associated user(s). 但是,您可以从Web应用程序检查会话,并使其中的一些会话无效,这将“注销”关联的用户。 I wrote a service and controller based on the old " app-info " plugin and the "scopesInfoService". 我基于旧的“ app-info ”插件和“ scopesInfoService”编写了服务和控制器。 See the source and the blog . 请参阅源代码和博客 。
If you need a quick fix, and are deployed to Tomcat, try using the manager webapp to invalidate sessions for your webapp, although it may be tricky determining which sessions to choose if you are not already explicitly adding the username (or another identifying string) to the session 'Login' attribute upon auth success. 如果您需要快速修复并将其部署到Tomcat,请尝试使用管理器webapp使您的webapp会话无效,尽管如果您尚未显式添加用户名(或其他标识字符串)来确定要选择的会话可能会很棘手。身份验证成功后,将会话设置为会话“登录”属性。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.