Question
I want to be able to log out all logged in users programmatically. How do you force logout all users on some event?
Answer 1:
First define HttpSessionEventPublisher in web.xml:

    <listener>
        <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    </listener>

Then define <session-management> in your spring security.xml file.

Now, use SessionRegistry in your controller method to invalidate all sessions. The code below retrieves all active sessions.

    // sessionRegistry is the SessionRegistry bean injected into the controller
    List<SessionInformation> activeSessions = new ArrayList<SessionInformation>();
    for (Object principal : sessionRegistry.getAllPrincipals()) {
        // false = do not include sessions that are already expired
        for (SessionInformation session : sessionRegistry.getAllSessions(principal, false)) {
            activeSessions.add(session);
        }
    }

On each active session, you can call the expireNow() method to expire or invalidate it.
Answer 2:
Ketan gives you the answer that you are looking for. If you change the second for block and use session.expireNow(); instead of activeSessions.add(session); you will end up with all active sessions expired.
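
Added example, not part of either answer: the two answers combined into one helper that expires every registered session while optionally keeping the session of whoever triggered the logout. The class name ForcedLogout, the keepSessionId parameter and the session ids in main are assumptions made for illustration; it needs spring-security-core on the classpath.

```java
import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;

// Hypothetical helper; class and method names are not from the original answers.
public class ForcedLogout {
    private final SessionRegistry registry;

    public ForcedLogout(SessionRegistry registry) {
        this.registry = registry;
    }

    /**
     * Marks every registered session as expired, except keepSessionId
     * (pass null to expire all of them). Returns the number expired.
     */
    public int expireAll(String keepSessionId) {
        int expired = 0;
        for (Object principal : registry.getAllPrincipals()) {
            // false = skip sessions that are already marked expired
            for (SessionInformation s : registry.getAllSessions(principal, false)) {
                if (s.getSessionId().equals(keepSessionId)) {
                    continue; // leave the caller's own session alone
                }
                s.expireNow();
                expired++;
            }
        }
        return expired;
    }

    public static void main(String[] args) {
        // Constructed sample data: an in-memory registry with three sessions.
        SessionRegistry registry = new SessionRegistryImpl();
        registry.registerNewSession("sess-alice-1", "alice");
        registry.registerNewSession("sess-alice-2", "alice");
        registry.registerNewSession("sess-admin-1", "admin");

        int n = new ForcedLogout(registry).expireAll("sess-admin-1");
        System.out.println("sessions expired: " + n);
        System.out.println("alice session expired: "
                + registry.getSessionInformation("sess-alice-1").isExpired());
        System.out.println("admin session expired: "
                + registry.getSessionInformation("sess-admin-1").isExpired());
    }
}
```

expireNow() only flags the session in the registry; the user is actually logged out when their next request passes through ConcurrentSessionFilter, which is active only when concurrency control is configured under session management. SessionRegistryImpl keeps its data in memory, so this reaches only sessions registered on the same application instance.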
Source: https://stackoverflow.com/questions/14751964/how-do-you-log-out-all-logged-in-users-in-spring-security