使用 Keycloak 在我的 Spring-Boot 应用程序中控制用户状态(连接/断开连接)
[英]Control users status (connected/disconnected) in my Spring-Boot App with Keycloak
问题描述
I have a user-management REST application (Spring-Boot) integrated with Keycloak , and I would like to know if there is any way to see the status ( connected or disconnected ) of my clients.
我有一个与Keycloak集成的用户管理REST应用程序(Spring-Boot),我想知道是否有任何方法可以查看我的客户端的状态(已连接或已断开连接)。
I have in mind is to create a table in my database with an user-identifier and a boolean, and each time have Front make login, update the boolean to true , and when logging-out update the boolean to false .我的想法是在我的数据库中创建一个带有用户标识符和布尔值的表,并且每次让 Front 登录,将布尔值更新为true ,并在注销时将布尔值更新为false 。
But I have a problem with sessions.但是我有会话问题。 If a user does not log-out (the application is left open in the background), but the token expires, how can I control this?如果用户没有注销(应用程序在后台保持打开状态),但令牌过期,我该如何控制?
Is there a simpler way to control user states ?有没有更简单的方法来控制用户状态?
1 个解决方案
解决方案1
0 2022-07-19 13:10:38
Why don't you go session-less (user state from Jwt access-token only)?你为什么不去无会话(仅来自 Jwt 访问令牌的用户状态)?
You can have a look at those tutorials which setup various spring-boot resource servers: https://github.com/ch4mpy/spring-addons/tree/master/samples/tutorials您可以查看那些设置各种 spring-boot 资源服务器的教程: https ://github.com/ch4mpy/spring-addons/tree/master/samples/tutorials
If user is "disconnected" client should send request without authorization header (or invalid token) and spring security context will be populated with AnonymousAuthenticationToken (if anonymous was enabled in your conf) => access will only be allowed if request path is configured with permitAll()如果用户“断开连接”,客户端应该发送没有授权标头(或无效令牌)的请求,并且 Spring 安全上下文将填充AnonymousAuthenticationToken (如果在您的 conf 中启用了匿名)=> 仅当请求路径配置为permitAll()时才允许访问permitAll()
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.