У меня есть конфигурация Spring Security (3.1.0.RC3), как показано ниже, но sessionRegistry.getAllPrincipals()
возвращает пустой список. Что может быть не так?
<bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
<bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter"
p:sessionRegistry-ref="sessionRegistry"
p:expiredUrl="/sessionTimeout" />
<bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy"
p:maximumSessions="1">
<constructor-arg name="sessionRegistry" ref="sessionRegistry" />
</bean>
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"
p:loginFormUrl="/login" />
<bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"
p:sessionAuthenticationStrategy-ref="sas"
p:authenticationManager-ref="authenticationManager"
p:authenticationFailureHandler-ref="authenticationFailureHandlerImpl"
p:authenticationSuccessHandler-ref="authenticationSuccessHandlerImpl" />
<security:http auto-config="false" entry-point-ref="authenticationEntryPoint" use-expressions="true" disable-url-rewriting="true">
<security:logout logout-success-url="/home" logout-url="/logout" />
<security:custom-filter before="PRE_AUTH_FILTER" ref="reCaptchaLoginFilter" />
<security:custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" />
<security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<security:session-management session-authentication-strategy-ref="sas" />
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider user-service-ref="userDetailsService">
<security:password-encoder ref="myPasswordEncoder">
<security:salt-source user-property="salt" />
</security:password-encoder>
</security:authentication-provider>
</security:authentication-manager>
В web.xml у меня есть слушатель:
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
UPDATE
Я заметил, что использование Атмосферного Метеора создает проблему. Со стандартной конфигурацией без Meteor сессияRegister работает хорошо.
<servlet>
<servlet-name>app</servlet-name>
<servlet-class>org.atmosphere.cpr.MeteorServlet</servlet-class>
<init-param>
<param-name>org.atmosphere.servlet</param-name>
<param-value>org.springframework.web.servlet.DispatcherServlet</param-value>
</init-param>
...
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>app</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>