SoFunction
Updated on 2025-04-10

SpringSecurity implementation kicks out a specified user example

In SpringSecurity, you can use SessionRegistry's implementation class SessionRegistryImpl to obtain session-related information, and you can kick out the user through this implementation class.

SpringSecurity Configuration

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    ISysUserService userService;
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        ()
                .antMatchers("/webjars/**","/asserts/**","/login").permitAll()
                 .anyRequest().authenticated()
                 .and()
                 .formLogin()
                 .loginPage("/login")
                 .loginProcessingUrl("/loginPost")
                 .failureUrl("/login?error=true")
                 .defaultSuccessUrl("/index")
                 .and()
                 .logout()
                 .logoutUrl("/logout")
                 .addLogoutHandler(new MyLogoutHandler())
                 .logoutSuccessUrl("/login")
                 .and()
                 .rememberMe()
                 .userDetailsService(userService)
                 .tokenRepository(jdbcTokenRepository())
                 //Save the login status time, unit is seconds
                 .tokenValiditySeconds(60*60*3)
                 .and()
                 //Close the frame option in the request header without restricting the iframe
                 .headers().frameOptions().disable()
                 //Close cross-domain
                 .and().csrf().disable()
                 .sessionManagement()
                 //Invalid session jump
                 .invalidSessionUrl("/login")
                 //Login multiple at the same time and only one is retained
                 .maximumSessions(1)
                 //Expired session jump
                 .expiredUrl("/login")
                 .sessionRegistry(sessionRegistry());
     }
     /** Register SessionRegistry*/
    @Bean
    public SessionRegistry sessionRegistry(){
        return new SessionRegistryImpl();
   	}

Controller

/** Kick out user */
    @PreAuthorize("hasRole('administrator')")
    @GetMapping("/logout/{id}")
    @ResponseBody
    public String logout(@PathVariable Long id) throws NoSuchFieldException {
    	//Query user through id        SysUser sysUser = (id);
        //Get all principal information        List<Object> allPrincipals = ();
        for (Object allPrincipal : allPrincipals) {
            User user=(User)allPrincipal;
            //Judge whether it is consistent with the user login name found by the passed id            if(().equals(())){
                List<SessionInformation> allSessions = (allPrincipal, false);
                for (SessionInformation session : allSessions) {
                	//Make the current session expire                    ();
                }
            }
        }
        return "ok";
    }

This is the article about SpringSecurity kicking out designated users. For more relevant SpringSecurity kicking out designated users, please search for my previous articles or continue browsing the related articles below. I hope everyone will support me in the future!