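/**
 * Rebuilds the current user's {@link Authentication} with freshly loaded authorities when that
 * user is on the list of accounts whose granted authorities must be refreshed.
 *
 * <p>The lookup goes through the session registry: the principal registered for the current
 * HTTP session is compared against the usernames returned by
 * {@code springSecurityService.getUsersNeedRefreshGrantedAuthorities()}. Usernames on that list
 * that no longer have a registered principal are pruned from it.
 *
 * @param authentication the authentication currently in effect; returned unchanged when no
 *     refresh is performed
 * @param req the current request; cast to {@link HttpServletRequest}
 * @return the refreshed authentication when one was issued, otherwise {@code authentication}
 */
private Authentication fresh(Authentication authentication, ServletRequest req) {
    HttpServletRequest request = (HttpServletRequest) req;
    // getSession(false): never create a session just to check for a pending refresh.
    HttpSession session = request.getSession(false);
    if (session == null) {
        return authentication;
    }

    SessionRegistry sessionRegistry =
            (SessionRegistry) SpringBeanUtil.getBeanByName("sessionRegistry");
    SessionInformation info = sessionRegistry.getSessionInformation(session.getId());
    // A session the registry has flagged as expired must not be handed a newly built,
    // authenticated token; only live registrations are refreshed.
    if (info == null || info.isExpired()) {
        return authentication;
    }

    Object principal = info.getPrincipal();
    if (!(principal instanceof org.springframework.security.core.userdetails.User)) {
        return authentication;
    }
    org.springframework.security.core.userdetails.User userRefresh =
            (org.springframework.security.core.userdetails.User) principal;

    // NOTE(review): this set is mutated in place below (retainAll/remove). If the service
    // returns its own shared instance, concurrent requests race on a non-thread-safe HashSet;
    // confirm against springSecurityService and switch to a concurrent set there if so.
    HashSet<String> unrgas = springSecurityService.getUsersNeedRefreshGrantedAuthorities();
    if (unrgas.isEmpty()) {
        return authentication;
    }

    // Collect the usernames of every principal the registry currently knows about.
    HashSet<String> loginedUsernames = new HashSet<String>();
    List<Object> loggedUsers = sessionRegistry.getAllPrincipals();
    for (Object lUser : loggedUsers) {
        if (lUser instanceof org.springframework.security.core.userdetails.User) {
            loginedUsernames.add(
                    ((org.springframework.security.core.userdetails.User) lUser).getUsername());
        }
    }

    // Drop usernames that are pending a refresh but are no longer logged in.
    unrgas.retainAll(loginedUsernames);

    if (!unrgas.contains(userRefresh.getUsername())) {
        return authentication;
    }

    // The current user is on the pending list: reload and apply their authorities.
    // FIXME: duplicates functionality in springSecurityServiceImpl; this method and
    // springSecurityServiceImpl should be refactored together.
    MyJdbcUserDetailsManager mdudm =
            (MyJdbcUserDetailsManager) SpringBeanUtil.getBeanByType(MyJdbcUserDetailsManager.class);
    // NOTE(review): the stored password is reused as the token's credentials, so it stays in
    // the security context that is written to the session below; confirm anything still needs it.
    UsernamePasswordAuthenticationToken refreshed =
            new UsernamePasswordAuthenticationToken(
                    userRefresh,
                    userRefresh.getPassword(),
                    mdudm.getUserAuthorities(userRefresh.getUsername()));
    // The constructor leaves details unset; carry over the details of the token being
    // replaced so they are not lost from the refreshed authentication.
    if (authentication != null) {
        refreshed.setDetails(authentication.getDetails());
    }

    SecurityContextHolder.getContext().setAuthentication(refreshed);
    session.setAttribute(
            HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
            SecurityContextHolder.getContext());
    // Refresh done for this user: take them off the pending list.
    unrgas.remove(userRefresh.getUsername());
    return SecurityContextHolder.getContext().getAuthentication();
}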
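/**
 * Looks up the principal registered for the given session ID in the session registry.
 *
 * <p>The session ID is a bearer credential, so only a short masked prefix of it is written to
 * the debug log.
 *
 * @param sessionID ID of the session to look up
 * @return the registered principal as a {@code User}; {@code null} when the registry bean
 *     cannot be obtained, when no session information exists for the ID, or when the
 *     registered principal is not a {@code User}
 */
public static User getUser(String sessionID) {
    if (sessionRegistry == null) {
        // Resolved on first use and cached in the static field.
        sessionRegistry = SpringContextUtils.getBean("sessionRegistry");
    }
    if (sessionRegistry == null) {
        log.debug("没有从spring中获取到sessionRegistry");
        return null;
    }

    SessionInformation info = sessionRegistry.getSessionInformation(sessionID);

    // Never log the full session ID: anyone who can read the log could reuse it.
    String maskedId;
    if (sessionID == null) {
        maskedId = "null";
    } else if (sessionID.length() <= 4) {
        maskedId = "****";
    } else {
        maskedId = sessionID.substring(0, 4) + "****";
    }

    if (info == null) {
        log.debug("没有获取到会话ID为:" + maskedId + " 的在线用户");
        return null;
    }

    // NOTE(review): session information flagged as expired is still returned here; confirm
    // callers do not treat a non-null result as proof of a live session.
    Object principal = info.getPrincipal();
    // Check the type before casting so a principal of another type yields null, like the
    // other lookup failures, instead of a ClassCastException.
    if (!(principal instanceof User)) {
        return null;
    }
    log.debug("获取到会话ID为:" + maskedId + " 的在线用户");
    return (User) principal;
}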