0

Maybe should configure session expire time or mistake is in my code?

My controller code fragment. It shows username even if its logged out.

@GetMapping("/")
  public String getProfilePage(Model model, Authentication authentication) {
    if (authentication == null) {
      return "redirect:/login";
    }
    UserDetailsImpl details = (UserDetailsImpl) authentication.getPrincipal();
    model.addAttribute("user", details.getUser());
    model.addAttribute("greeting", details.getUser().getGreeting());
    List<UserDetails> lu = sessionRegistry.getAllPrincipals()
        .stream()
        .filter(principal -> principal instanceof UserDetails)
        .map(UserDetails.class::cast)
        .collect(Collectors.toList());
    for (UserDetails l: lu){
      System.out.println(l.getUsername());
    }
    return "Profile";
  }

Cant resolve this problem for a week. There is some answer Here but it didnt helped resolving my problem.

Vadim Kotov
  • 8,084
  • 8
  • 48
  • 62
Teramaks
  • 1

1 Answers1

0

This is how my SecurityConfig class looks like:

public class SecurityConfig extends WebSecurityConfigurerAdapter {

  @Qualifier("dataSource")
  @Autowired
  private DataSource dataSource;

  @Autowired
  private PasswordEncoder passwordEncoder;

  @Autowired
  private UserDetailsService userDetailsServiceImpl;

  @Override
  protected void configure(HttpSecurity http) throws Exception {

    http
        .authorizeRequests()
        .antMatchers("/expired").permitAll()
        .antMatchers("/static/**").permitAll()
        .antMatchers("/users").hasAnyAuthority("ADMIN")
        .anyRequest().permitAll()
        .and()
        .formLogin().loginPage("/login")
        .usernameParameter("login")
        .passwordParameter("password")
        .failureUrl("/login?error").permitAll()
        .defaultSuccessUrl("/")
        .and()
        .rememberMe()
        .rememberMeParameter("remember-me")
        .tokenRepository(tokenRepository())
        .and()
        .logout()
        .deleteCookies("remember-me")
        .logoutUrl("/logout")
        .logoutSuccessUrl("/login")
        .permitAll();
    http.csrf().disable();
    http
        .sessionManagement()
        .maximumSessions(1)
//        .maxSessionsPreventsLogin(false)
        .sessionRegistry(sessionRegistryImpl());
  }

  @Bean
  public SessionRegistryImpl sessionRegistryImpl() {
    return new SessionRegistryImpl();
  }

  @Bean
  public HttpSessionEventPublisher httpSessionEventPublisher() {
    return new HttpSessionEventPublisher();
  }

  @Bean
  public PersistentTokenRepository tokenRepository() {
    JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
    tokenRepository.setDataSource(dataSource);
    return tokenRepository;
  }

  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(userDetailsServiceImpl).passwordEncoder(passwordEncoder);
  }
}

And added AppInitializer:

@Configuration
public class AppInitializer implements WebApplicationInitializer {

  @Override
  public void onStartup(ServletContext servletContext) throws ServletException {
    servletContext.addListener(HttpSessionEventPublisher.class);
  }
}
Teramaks
  • 1