我有一个自定义的RegisterSessionAuthenticationStrategy和我正在使用CompositeSessionAuthenticationStrategy和exceptionIfMaximumExceeded = false。
我有以下情况:
我希望第一个会话将被销毁,但它们都会保持活跃状态。
我到达SessionRegistry.registerNewSession会话#1已设置已过期,但我从未获得SessionDestroyedEvent。
的security.xml
<security:session-management
session-authentication-strategy-ref="sas" />
</security:http>
<bean id="sas"
class="org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy">
<constructor-arg>
<list>
<bean
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy">
<constructor-arg ref="clusteredSessionRegistryImpl" />
<property name="maximumSessions" value="1" />
<property name="exceptionIfMaximumExceeded" value="false" />
</bean>
<bean
class="org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy">
<constructor-arg ref="clusteredSessionRegistryImpl" />
</bean>
</list>
</constructor-arg>
</bean>