0

I am using grails 2.2 with spring security. I am using MYSql for database. I am wondering whether there is a way to logout a user or all users by clearing data in mysql database.

kofhearts
  • 3,607
  • 8
  • 46
  • 79

4 Answers4

3

I am wondering whether there is a way to logout a user or all users by clearing data in mysql database.

There isn't. The state that represents whether a user is logged in or not generally does not even exist in the database. In a simple system that information would live in memory in the web app. In a more sophisticated system that information might live in a separate service that the app communicates with. That information generally would not be stored in the database.

Note that storing credentials like user names, passwords and roles in the database is a separate thing than keeping track of who is logged in.

I hope that helps.

Jeff Scott Brown
  • 26,804
  • 2
  • 30
  • 47
1

If you delete the data in your DB, the users will not be able to login the NEXT TIME.

If any current sessions are open, the users will remain logged-in, and there's no out-of-box mechanism in Spring Security to end session of specific users.

injecteer
  • 20,038
  • 4
  • 45
  • 89
0

If you install JavaMelody (sometimes available as a grails plugin), you should be able to see all active sessions, and you can delete them from the interface (which results in all users being logged out).

zoran119
  • 10,657
  • 12
  • 46
  • 88
0

You can't do exactly what you asked because the data is not stored in your application database, as JSB said.

You can however inspect the sessions from your webapp and invalidate some of them, which will "logout" the associated user(s). I wrote a service and controller based on the old "app-info" plugin and the "scopesInfoService". See the source and the blog.

If you need a quick fix, and are deployed to Tomcat, try using the manager webapp to invalidate sessions for your webapp, although it may be tricky determining which sessions to choose if you are not already explicitly adding the username (or another identifying string) to the session 'Login' attribute upon auth success.

jja
  • 100
  • 4