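/**
 * Refreshes the granted authorities of the user bound to this request when that user has been
 * marked as needing a refresh, and installs the rebuilt {@link Authentication} into both the
 * {@link SecurityContextHolder} and the HTTP session.
 *
 * <p>A refresh is attempted only when the request has an existing session that the
 * {@code SessionRegistry} still knows about and whose principal is a Spring {@code User}. As a
 * side effect, usernames in the "needs refresh" set that no longer have any registered session
 * are removed from that set, and the refreshed user is removed from it once handled.
 *
 * @param authentication the Authentication currently bound to the request
 * @param req the current request; must be an {@link HttpServletRequest}
 * @return the refreshed Authentication, or {@code authentication} unchanged when no refresh is
 *     needed or the beans required to perform it are unavailable
 */
private Authentication fresh(Authentication authentication, ServletRequest req) {
  HttpServletRequest request = (HttpServletRequest) req;
  HttpSession session = request.getSession(false);
  if (session == null) {
    return authentication;
  }
  SessionRegistry sessionRegistry =
      (SessionRegistry) SpringBeanUtil.getBeanByName("sessionRegistry");
  if (sessionRegistry == null) {
    // Without a registry we cannot tell who is online; leave the current Authentication as is.
    return authentication;
  }
  SessionInformation info = sessionRegistry.getSessionInformation(session.getId());
  if (info == null) {
    return authentication;
  }
  Object principal = info.getPrincipal();
  if (!(principal instanceof org.springframework.security.core.userdetails.User)) {
    return authentication;
  }
  org.springframework.security.core.userdetails.User userRefresh =
      (org.springframework.security.core.userdetails.User) principal;

  HashSet<String> unrgas = springSecurityService.getUsersNeedRefreshGrantedAuthorities();
  if (unrgas == null || unrgas.isEmpty()) {
    return authentication;
  }

  // Usernames that currently have at least one session registered.
  HashSet<String> loggedInUsernames = new HashSet<String>();
  List<Object> loggedInPrincipals = sessionRegistry.getAllPrincipals();
  for (Object p : loggedInPrincipals) {
    if (p instanceof org.springframework.security.core.userdetails.User) {
      loggedInUsernames.add(
          ((org.springframework.security.core.userdetails.User) p).getUsername());
    }
  }

  // Drop users that need a refresh but are no longer logged in; their authorities will be
  // re-read on their next login anyway.
  // NOTE(review): if getUsersNeedRefreshGrantedAuthorities() hands out the service's live set,
  // concurrent requests mutate an unsynchronized HashSet here — confirm how it is shared.
  for (Iterator<String> it = unrgas.iterator(); it.hasNext(); ) {
    if (!loggedInUsernames.contains(it.next())) {
      it.remove();
    }
  }

  if (!unrgas.contains(userRefresh.getUsername())) {
    return authentication;
  }

  // FIXME: duplicates logic in springSecurityServiceImpl; refactor both into one place.
  MyJdbcUserDetailsManager mdudm =
      (MyJdbcUserDetailsManager) SpringBeanUtil.getBeanByType(MyJdbcUserDetailsManager.class);
  if (mdudm == null) {
    // Cannot reload authorities; keep the user in the refresh set so a later request retries.
    return authentication;
  }
  // NOTE(review): the new token carries userRefresh.getPassword() as its credentials. Whether
  // that is null or the stored password hash depends on whether credentials are erased after
  // authentication in this project; if they are not, this keeps the hash in the session-scoped
  // token — consider passing null as the credentials instead.
  UsernamePasswordAuthenticationToken refreshed =
      new UsernamePasswordAuthenticationToken(
          userRefresh,
          userRefresh.getPassword(),
          mdudm.getUserAuthorities(userRefresh.getUsername()));
  SecurityContextHolder.getContext().setAuthentication(refreshed);
  // Store the refreshed context under the key HttpSessionSecurityContextRepository reads, so the
  // change outlives this request.
  session.setAttribute(
      HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
      SecurityContextHolder.getContext());
  unrgas.remove(userRefresh.getUsername());
  return SecurityContextHolder.getContext().getAuthentication();
}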
/**
 * On container shutdown, closes out logon-log rows that never received a logout time.
 *
 * <p>Two cases are handled. Rows whose logon is older than one day get a synthetic logout time
 * of logon + 1 hour, because the real end of that session is unknown. Newer rows are closed with
 * the current time, but only if their HTTP session is still present in the
 * {@code SessionRegistry} (expired-but-not-yet-removed sessions included); newer rows with no
 * registered session are left open. The logout times written here are estimates, not observed
 * events — keep that in mind when reading the audit log.
 */
@Override
public void contextDestroyed(ServletContextEvent sce) {
  logger.info("ServletContext destroy force setup session user logout time...");
  UserLogonLogService logService = SpringContextHolder.getBean(UserLogonLogService.class);
  GroupPropertyFilter openRowsFilter = new GroupPropertyFilter();
  openRowsFilter.and(new PropertyFilter(MatchType.NU, "logoutTime", Boolean.TRUE));
  List<UserLogonLog> openLogs = logService.findByFilters(openRowsFilter);
  if (CollectionUtils.isEmpty(openLogs)) {
    return;
  }

  // Every session ID the registry still knows about, expired ones included.
  Set<String> registeredSessionIds = new HashSet<String>();
  SessionRegistry registry = SpringContextHolder.getBean(SessionRegistry.class);
  for (Object principal : registry.getAllPrincipals()) {
    for (SessionInformation si : registry.getAllSessions(principal, true)) {
      registeredSessionIds.add(si.getSessionId());
    }
  }

  Date now = new Date();
  Date oneDayAgo = new DateTime().minusDays(1).toDate();
  for (UserLogonLog row : openLogs) {
    Date logonTime = row.getLogonTime();
    if (logonTime.before(oneDayAgo)) {
      // Stale row: assume a one-hour session.
      row.setLogoutTime(new DateTime(logonTime).plusHours(1).toDate());
    } else if (registeredSessionIds.contains(row.getHttpSessionId())) {
      // Session is being torn down with the container: close it now.
      row.setLogoutTime(now);
    } else {
      continue;
    }
    logger.debug(" - Setup logout time for session ID: {}", row.getHttpSessionId());
    row.setLogonTimeLength(row.getLogoutTime().getTime() - row.getLogonTime().getTime());
    logService.save(row);
  }
}
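/**
 * Looks up the online {@code User} bound to the given HTTP session ID via the Spring
 * {@code SessionRegistry}.
 *
 * @param sessionID the HTTP session identifier to look up
 * @return the session's principal as a {@code User}, or {@code null} when the registry bean is
 *     unavailable, the session is unknown to the registry, or its principal is not a {@code User}
 */
public static User getUser(String sessionID) {
  if (sessionRegistry == null) {
    // Lazily resolve the registry bean; a race here is harmless, both threads get the same bean.
    sessionRegistry = SpringContextUtils.getBean("sessionRegistry");
  }
  if (sessionRegistry == null) {
    log.debug("没有从spring中获取到sessionRegistry");
    return null;
  }
  // NOTE(review): the debug lines below write the session ID to the log. A live session ID is a
  // bearer credential, so keep debug logging off in production or redact it.
  SessionInformation info = sessionRegistry.getSessionInformation(sessionID);
  if (info == null) {
    log.debug("没有获取到会话ID为:" + sessionID + " 的在线用户");
    return null;
  }
  Object principal = info.getPrincipal();
  if (!(principal instanceof User)) {
    // Registry principals are not guaranteed to be this application's User type; the previous
    // unchecked cast would throw ClassCastException here instead of honoring the null contract.
    log.debug("没有获取到会话ID为:" + sessionID + " 的在线用户");
    return null;
  }
  log.debug("获取到会话ID为:" + sessionID + " 的在线用户");
  return (User) principal;
}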
/**
 * Enforces the per-user concurrent-session limit; the superclass then registers the new session
 * in the {@code sessionRegistry}.
 *
 * <p>Decision order:
 * <ol>
 *   <li>fewer non-expired sessions than allowed: permit;</li>
 *   <li>a limit of {@code -1}: unlimited, permit;</li>
 *   <li>exactly at the limit: permit only when this request already has a session that is one
 *       of the registered ones (re-authentication inside an existing session). When the request
 *       has no session yet, the superclass would create one and exceed the limit, so it is
 *       treated as an excess login.</li>
 * </ol>
 * Anything else is handed to {@link #allowableSessionsExceeded}. Only non-expired sessions are
 * counted ({@code getAllSessions(principal, false)}); the lookup is presumably keyed by principal
 * equality, so the principal type's {@code equals}/{@code hashCode} matters here.
 */
public void onAuthentication(
    Authentication authentication, HttpServletRequest request, HttpServletResponse response) {
  final List<SessionInformation> activeSessions =
      sessionRegistry.getAllSessions(authentication.getPrincipal(), false);
  final int active = activeSessions.size();
  final int limit = getMaximumSessionsForThisUser(authentication);

  if (active < limit || limit == -1) {
    // Under the limit, or no limit at all.
    return;
  }
  if (active == limit && requestSessionIsRegistered(request, activeSessions)) {
    // At the limit, but this request belongs to one of the counted sessions.
    return;
  }
  allowableSessionsExceeded(request, activeSessions, limit, sessionRegistry);
}

/** True when the request has an existing session whose ID appears in {@code sessions}. */
private boolean requestSessionIsRegistered(
    HttpServletRequest request, List<SessionInformation> sessions) {
  HttpSession current = request.getSession(false);
  if (current == null) {
    return false;
  }
  String currentId = current.getId();
  for (SessionInformation si : sessions) {
    if (si.getSessionId().equals(currentId)) {
      return true;
    }
  }
  return false;
}
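/**
 * Returns the currently logged-in users, optionally filtered by organization and/or role.
 *
 * <ul>
 *   <li>{@code org == null && role == null}: every online user;</li>
 *   <li>both given: users in {@code org} or one of its child orgs AND holding {@code role};</li>
 *   <li>only {@code org}: users in {@code org} or one of its child orgs;</li>
 *   <li>only {@code role}: users holding {@code role}.</li>
 * </ul>
 *
 * <p>Registry principals that are not instances of {@link User} are skipped (the previous
 * unchecked cast threw {@code ClassCastException}), and the per-user INFO log line is emitted
 * only while the principal still has a non-expired session, so a principal whose sessions have
 * all expired no longer causes an {@code IndexOutOfBoundsException} on {@code get(0)}.
 *
 * @param org organization filter, or {@code null} for no filtering on organization
 * @param role role filter, or {@code null} for no filtering on role
 * @return the matching online users (possibly empty), or {@code null} when the sessionRegistry
 *     bean cannot be obtained from the Spring context
 */
public static List<User> getUser(Org org, Role role) {
  if (sessionRegistry == null) {
    sessionRegistry = SpringContextUtils.getBean("sessionRegistry");
  }
  if (sessionRegistry == null) {
    log.info("没有从spring中获取到sessionRegistry");
    return null;
  }
  List<Object> principals = sessionRegistry.getAllPrincipals();
  List<User> result = new ArrayList<User>();
  log.info("获取在线用户,org:" + org + ",role:" + role);

  // Org scope = the given org plus all of its descendants, resolved once rather than per user.
  List<Integer> orgIds = null;
  if (org != null) {
    orgIds = OrgService.getChildIds(org);
    // NOTE(review): this mutates the list getChildIds() returned — confirm it is a fresh copy.
    orgIds.add(org.getId());
    log.info("特定组织架构及其所有子机构:" + orgIds);
  }

  for (Object principal : principals) {
    if (!(principal instanceof User)) {
      continue;
    }
    User user = (User) principal;
    logOnlineUser(principal);
    // NOTE(review): assumes user.getOrg() is non-null for every online user, as before.
    boolean orgMatches = orgIds == null || orgIds.contains(user.getOrg().getId());
    boolean roleMatches = role == null || hasRole(user, role.getId());
    if (orgMatches && roleMatches) {
      result.add(user);
    }
  }
  return result;
}

/** Logs the first non-expired session ID of {@code principal}; silent when none remains. */
private static void logOnlineUser(Object principal) {
  List<SessionInformation> sessions = sessionRegistry.getAllSessions(principal, false);
  if (!sessions.isEmpty()) {
    // NOTE(review): this writes a live session ID (a bearer credential) at INFO level; prefer
    // logging the username, or redact the ID, in production.
    log.info("获取到会话ID为:" + sessions.get(0).getSessionId() + " 的在线用户");
  }
}

/** True when {@code user} holds a role whose id equals {@code roleId}. */
private static boolean hasRole(User user, int roleId) {
  for (Role r : user.getRoles()) {
    if (r.getId() == roleId) {
      return true;
    }
  }
  return false;
}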