Comments on: Acegi Concurrent Login http://www.cakesolutions.net/teamblogs/2008/05/08/acegi-concurrent-login/ void magic() { } Fri, 21 Nov 2008 12:01:20 +0000 http://wordpress.org/?v=2.5.1 By: Aleksa Vukotic http://www.cakesolutions.net/teamblogs/2008/05/08/acegi-concurrent-login/#comment-43 Aleksa Vukotic Sun, 01 Jun 2008 18:38:17 +0000 http://www.cakesolutions.net/teamblogs/2008/05/08/acegi-concurrent-login/#comment-43 Yes, you should have your own <code>UserContext</code> implementation. Following implementation has only two methods, <code>User getUser()</code>, which gets the user currently logged in, and <code>void logout()</code>, which destroys the session for user currently logged in. Here is the <code>UserContext</code> interface, and sample implementation: <code> public interface UserContext { /** * Gets the current user * @return The User object identifying the user */ User getUser(); /** * Performs logout for current user */ void logout(); } </code> <code> public class AcegiUserContext implements UserContext, InitializingBean { private static final Log logger = LogFactory.getLog(AcegiUserDetails.class); private UserService userService; private SessionRegistry sessionRegistry; public User getUser() { SecurityContext context = SecurityContextHolder.getContext(); if (context == null) return null; Authentication authentication = context.getAuthentication(); if (authentication == null) return null; String username = authentication.getPrincipal().toString(); if (authentication.getPrincipal() instanceof UserDetails) { username = ((UserDetails) authentication.getPrincipal()).getUsername(); } return this.userService.findByUsername(username); } public void logout() { SecurityContext context = SecurityContextHolder.getContext(); if (context == null) return; Authentication authentication = context.getAuthentication(); if (authentication == null) return; String sessionId = SessionRegistryUtils.obtainSessionIdFromAuthentication(authentication); this.sessionRegistry.removeSessionInformation(sessionId); } public void afterPropertiesSet() throws Exception { if (this.userService == null) throw new FatalBeanException("Property [userService] of [" + getClass().getName() + "] is required."); if (this.sessionRegistry == null) throw new FatalBeanException("Property [sessionRegistry] of [" + getClass().getName() + "] is required."); } public void setUserService(UserService userService) { this.userService = userService; } public void setSessionRegistry(SessionRegistry sessionRegistry) { this.sessionRegistry = sessionRegistry; } } </code> Finally, you should create bean definition for userContext bean: <code> <bean id="userContext" class="net.cakesolutions.service.security.acegi.AcegiUserContext"> <property name="userService" ref="userService"/> <property name="sessionRegistry" ref="sessionRegistry" /> </bean> </code> SessionRegistry is the the reference to the implementation shown in the blog, and the userService is s standard service for use management. . Hope this helps, let us know how are you getting on. Yes, you should have your own UserContext implementation.
Following implementation has only two methods, User getUser(), which gets the user currently logged in, and void logout(), which destroys the session for user currently logged in.
Here is the UserContext interface, and sample implementation:

public interface UserContext {

/**
* Gets the current user
* @return The User object identifying the user
*/
User getUser();

/**
* Performs logout for current user
*/
void logout();
}


public class AcegiUserContext implements UserContext, InitializingBean {
private static final Log logger = LogFactory.getLog(AcegiUserDetails.class);

private UserService userService;
private SessionRegistry sessionRegistry;
public User getUser() {
SecurityContext context = SecurityContextHolder.getContext();
if (context == null) return null;
Authentication authentication = context.getAuthentication();
if (authentication == null) return null;

String username = authentication.getPrincipal().toString();

if (authentication.getPrincipal() instanceof UserDetails) {
username = ((UserDetails) authentication.getPrincipal()).getUsername();
}

return this.userService.findByUsername(username);
}

public void logout() {
SecurityContext context = SecurityContextHolder.getContext();
if (context == null) return;
Authentication authentication = context.getAuthentication();
if (authentication == null) return;
String sessionId = SessionRegistryUtils.obtainSessionIdFromAuthentication(authentication);
this.sessionRegistry.removeSessionInformation(sessionId);

}

public void afterPropertiesSet() throws Exception {
if (this.userService == null) throw new FatalBeanException("Property [userService] of [" + getClass().getName() + "] is required.”);
if (this.sessionRegistry == null) throw new FatalBeanException(”Property [sessionRegistry] of [" + getClass().getName() + "] is required.”);
}

public void setUserService(UserService userService) {
this.userService = userService;
}

public void setSessionRegistry(SessionRegistry sessionRegistry) {
this.sessionRegistry = sessionRegistry;
}
}

Finally, you should create bean definition for userContext bean:

<bean id="userContext" class="net.cakesolutions.service.security.acegi.AcegiUserContext">
<property name="userService" ref="userService"/>
<property name="sessionRegistry" ref="sessionRegistry" />
</bean>

SessionRegistry is the the reference to the implementation shown in the blog, and the userService is s standard service for use management.

.

Hope this helps, let us know how are you getting on.

]]> By: Lady Raveneve http://www.cakesolutions.net/teamblogs/2008/05/08/acegi-concurrent-login/#comment-42 Lady Raveneve Fri, 30 May 2008 07:17:26 +0000 http://www.cakesolutions.net/teamblogs/2008/05/08/acegi-concurrent-login/#comment-42 Hi ! I have tried to implement your MyHttpSessionEventPublisher but am having some problems with the declaration of UserContext. May I know which package this class is suppose to be from? Am i suppose to implement my own UserContext? Your help is greatly appreciated as my app intermittently throws ConcurrentLoginException even though the user has logged out of the system. I am using JDK1.4 and acegi-security 1..0.4. Thanks ! Hi ! I have tried to implement your MyHttpSessionEventPublisher but am having some problems with the declaration of UserContext. May I know which package this class is suppose to be from? Am i suppose to implement my own UserContext?

Your help is greatly appreciated as my app intermittently throws ConcurrentLoginException even though the user has logged out of the system.

I am using JDK1.4 and acegi-security 1..0.4. Thanks !

]]>