使用 Spring Security 的匿名用户计数

发布于 2024-12-06 20:42:57 字数 480 浏览 1 评论 0原文

我已经使用 Spring Security 3.0.5 成功实现了一些功能。第一个是我想要具有特定角色的用户的计数和列表。为了实现这一目标，我建立了 HttpSessionEventPublisher 以及随之而来的 spring 配置。通过这些设置，我可以轻松获取登录用户的列表，无论他们的权限级别如何 - 除非他们是匿名的 (ROLE_ANONYMOUS)。

我在安全 XML 中使用匿名标记：

<security:anonymous />

我可以调试通过 AnonymousAuthenticationFilter.doFilter 进入的匿名用户，但 SessionRegistry.registerNewSession 永远不会被调用，大多数情况下可能是因为匿名用户没有主体。

所以我只是在寻找想法。我希望能够列出匿名会话以及其他注册用户的计数。

原文

I have managed to accomplish a couple features using Spring Security 3.0.5. The first is that I want a count and list of users that have a specific role. To accomplish this I instituted the HttpSessionEventPublisher and the spring configurations that go along with it. With these settings I can easily get the list of logged in users no matter what their privilege level - unless they are anonymous (ROLE_ANONYMOUS).

I'm using the anonymous tag in my security XML:

<security:anonymous />

I can debug the anonymous users coming in though AnonymousAuthenticationFilter.doFilter but the SessionRegistry.registerNewSession never gets called for these, most likely because there is no principal for anonymous users.

So I'm just looking for ideas. I would love to be able to list the count for the sessions that are anonymous, along with other registered users.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

冷夜 2024-12-13 20:42:57

您可以扩展 AnonymousAuthenticationFilter 并覆盖 createAuthentication 方法（它用于覆盖）。

然后，由于仅在新的匿名身份验证上调用此方法，因此每当调用它时，您都可以在某处增加计数器，或者以任何方便的方式对它们进行计数。您只需要计算对该方法的调用次数即可。

回复收藏 0 原文

二智少女 2024-12-13 20:42:57

这是在 Spring Security 中计算匿名数的实现。

public class ProxyAuthenticationFilter extends AnonymousAuthenticationFilter {

        private String key = "key";

        public ProxyAuthenticationFilter() {
            super(key);
        }

        public ProxyAuthenticationFilter(String key, Object principal, List<GrantedAuthority> authorities) {
    super(key, principal, authorities);
        }

        @Override
        protected Authentication createAuthentication(HttpServletRequest request) {

            // do increment and store somewhere 

            return super.createAuthentication(request);
        }
}


@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.anonymous().authenticationFilter(proxyAuthenticationFilter());
        }

        @Bean
        protected ProxyAuthenticationFilter proxyAuthenticationFilter() {
            return new ProxyAuthenticationFilter();
        }
    }
}

Here's an implementation of counting anonymous's in Spring Security.

public class ProxyAuthenticationFilter extends AnonymousAuthenticationFilter {

        private String key = "key";

        public ProxyAuthenticationFilter() {
            super(key);
        }

        public ProxyAuthenticationFilter(String key, Object principal, List<GrantedAuthority> authorities) {
    super(key, principal, authorities);
        }

        @Override
        protected Authentication createAuthentication(HttpServletRequest request) {

            // do increment and store somewhere 

            return super.createAuthentication(request);
        }
}


@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.anonymous().authenticationFilter(proxyAuthenticationFilter());
        }

        @Bean
        protected ProxyAuthenticationFilter proxyAuthenticationFilter() {
            return new ProxyAuthenticationFilter();
        }
    }
}

回复收藏 0 原文

~没有更多了~