Spring security concurrent session is not working as desired -

January 15, 2013

instead of restricting 1 session per user,it restricting 1 session

whole application.

so if 1 user logged in noone can login .

here configuration

<session-management invalid-session-url="/login">         <concurrency-control error-if-maximum-exceeded="true" max-sessions="1" />      </session-management>

and added listener in web.xml.

<?xml version="1.0" encoding="utf-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security"     xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"     xsi:schemalocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">     <!-- http security configurations -->     <http auto-config="true" use-expressions="true">         <form-login login-processing-url="/resources/j_spring_security_check"             login-page="/login" default-target-url="/index"             authentication-success-handler-ref="myauthenticationsuccesshandler"             authentication-failure-url="/login?login_error=t" />         <logout invalidate-session="true"             logout-url="/resources/j_spring_security_logout" success-handler-ref="mylogoutsuccesshandler"/>         <!-- configure these elements secure uris in application -->         <intercept-url pattern="/choices/**" access="hasrole('role_admin')" />         <intercept-url pattern="/member/**" access="isauthenticated()" />         <intercept-url pattern="/resources/**" access="permitall" />         <intercept-url pattern="/**" access="permitall" />       <session-management invalid-session-url="/login">             <concurrency-control error-if-maximum-exceeded="true"                 max-sessions="1" />         </session-management>      </http>      <!-- configure authentication mechanism -->     <authentication-manager alias="authenticationmanager">         <authentication-provider ref="customdaoauthenticationprovider">         </authentication-provider>     </authentication-manager>      <beans:bean id="myauthenticationsuccesshandler" class="com.test.connect.web.login.myauthenticationsuccesshandler"/>     <beans:bean id="mylogoutsuccesshandler" class="com.test.connect.web.login.mylogoutsuccesshandler"/>  </beans:beans>

based upon configuration provided, includes custom authenticationprovider, , problem having guess returning custom userdetails implementation not implement equals , hashcode methods.

please ensure have implemented equals , hashcode on custom userdetails implementation these methods used if user contains active sessions.

Search This Blog

Detect

Spring security concurrent session is not working as desired -

Comments

Post a Comment

Popular posts from this blog

c# - Send Image in Json : 400 Bad request -

jquery - Fancybox - apply a function to several elements -

An easy way to program an Android keyboard layout app -