发表新帖
发表新帖

how to log a user out programmatically using spring security

后端 未结
关注
2 600
花落未央
花落未央 2020-12-28 10:48

i am using spring security v3.1.4. what i want to achieve is to have an admin be able to log out a regular user (invalidate his session). a user can only log in once at any

相关标签:
2条回答
  • 小蘑菇
    2020-12-28 11:19

    All you need is modify equals() and hashCode(). Your code will run later on. This could be helpful: http://blog.trifork.com/2014/02/28/session-timeout-and-concurrent-session-control-with-spring-security-and-spring-mvc/

    0 讨论(0)
  • 星月不相逢
    2020-12-28 11:41

    It looks like you've almost got it, but I think the problem is that you are removing the information prematurely from the SessionRegistry. The ConcurrentSessionFilter performs a check on the current session when a user makes a request, and at this point, it logs out an expired session and invalidates it. Since you have already removed the information for that session, it won't find it and will do nothing.

    Try removing the line:

    sessionRegistry.removeSessionInformation(info.getSessionId());
    0 讨论(0)
 看不清?
提交回复
热议问题