Spring Security
  1. Spring Security
  2. SEC-1530

Simplify access to SessionRegistry.getAllPrincipals()

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Complete
    • Affects Version/s: 3.0.3
    • Fix Version/s: 3.1.0.M1
    • Component/s: Core
    • Labels:
      None
    • Environment:
      Windows XP, Tomcat-6 (localhost), IntelliJ

      Description

      Multiple steps are required to retrieve collection with all current authenticated users logged into the web application. Unfortunately these steps are not well documented. Trivial task to display all current active users cannot achieved easily.

      Request:

      • make session-management / concurrency-control attribute not mandatory to collect SessionRegistryImpl.registerNewSession()
      • provide documentation with sample Java code (and required entries in web.xml & applicationContext.xml) how to retrieve collection SessionRegistry.getAllPrincipals()

        Activity

        Hide
        Luke Taylor added a comment -

        SessionRegistry was originally written in order to implement concurrency control and is still a key part of that functionality. The ability to query it for the list of principals logged in is a useful side effect. Since it is possible to use the existing configuration, I don't want to change the namespace to support yet another syntax - all you need to do is set the maximum sessions to -1 to allow unlimited logins. I'll add some information to the docs on session management to point the user in this direction. The configuration required is already covered in documentation.

        Show
        Luke Taylor added a comment - SessionRegistry was originally written in order to implement concurrency control and is still a key part of that functionality. The ability to query it for the list of principals logged in is a useful side effect. Since it is possible to use the existing configuration, I don't want to change the namespace to support yet another syntax - all you need to do is set the maximum sessions to -1 to allow unlimited logins. I'll add some information to the docs on session management to point the user in this direction. The configuration required is already covered in documentation.
        Hide
        Luke Taylor added a comment -

        Docs added to session management chapter.

        Show
        Luke Taylor added a comment - Docs added to session management chapter.
        Hide
        Mark Gorokhov added a comment -

        1. Make sure that max-sessions="-1" does not conflict with spring-security-3.x.xsd; currently in 3.0 "-1" is not a valid value.
        2. Please provide example how to access SessionRegistry.

        Show
        Mark Gorokhov added a comment - 1. Make sure that max-sessions="-1" does not conflict with spring-security-3.x.xsd; currently in 3.0 "-1" is not a valid value. 2. Please provide example how to access SessionRegistry.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Mark Gorokhov
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: