I have 2 roles in my system: user and admin
admin can logout any user by name.
How can I do this? I need something like this:
service.logoutUser(anotherUserName)
config looks like this:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers
....
.formLogin()
.loginProcessingUrl("/api/login")
.successHandler(authenticationSuccessHandler)
.failureHandler(new SimpleUrlAuthenticationFailureHandler())
.and()
.rememberMe()
.key("...")
.rememberMeCookieName("...")
.userDetailsService(userDetailsService)
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.and()
.logout()
.deleteCookies("JSESSIONID")
.logoutUrl("/logout")
.logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())
.permitAll();
Something like this:
import org.springframework.security.core.userdetails.User;
...
...
Set<SimpleGrantedAuthority> userRoles = new HashSet<>();
userRoles.add(new SimpleGrantedAuthority("ROLE_USER"));
User user = new User(anotherUserName, "", userRoles);
List<SessionInformation> sessions = sessionRegistry.getAllSessions(u, false);
for(SessionInformation info : infos) {
info.expireNow();
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.