Spring安全性并发会话无法正常工作

时间:2013-04-20 10:32:05

标签: session spring-security

不是限制每个用户一个会话,而是限制一个会话

整个申请。

因此,如果一个用户登录,则没有人可以登录。

这是我的配置

<session-management invalid-session-url="/login">
        <concurrency-control error-if-maximum-exceeded="true" max-sessions="1" />
     </session-management>

我甚至在web.xml中添加了监听器。

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    <!-- HTTP security configurations -->
    <http auto-config="true" use-expressions="true">
        <form-login login-processing-url="/resources/j_spring_security_check"
            login-page="/login" default-target-url="/index"
            authentication-success-handler-ref="myAuthenticationSuccessHandler"
            authentication-failure-url="/login?login_error=t" />
        <logout invalidate-session="true"
            logout-url="/resources/j_spring_security_logout" success-handler-ref="myLogoutSuccessHandler"/>
        <!-- Configure these elements to secure URIs in your application -->
        <intercept-url pattern="/choices/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/member/**" access="isAuthenticated()" />
        <intercept-url pattern="/resources/**" access="permitAll" />
        <intercept-url pattern="/**" access="permitAll" />

     <session-management invalid-session-url="/login">
            <concurrency-control error-if-maximum-exceeded="true"
                max-sessions="1" />
        </session-management> 
    </http>

    <!-- Configure Authentication mechanism -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="customDaoAuthenticationProvider">
        </authentication-provider>
    </authentication-manager>

    <beans:bean id="myAuthenticationSuccessHandler" class="com.test.connect.web.login.MyAuthenticationSuccessHandler"/>
    <beans:bean id="myLogoutSuccessHandler" class="com.test.connect.web.login.MyLogoutSuccessHandler"/>

</beans:beans>

2 个答案:

答案 0 :(得分:1)

根据您提供的配置(包括自定义AuthenticationProvider)以及您遇到的问题,我猜您将返回一个未正确实现equals和hashCode方法的自定义UserDetails实现。

请确保您已在任何自定义UserDetails实现上正确实现了equals和hashCode,因为这些方法用于在用户包含活动会话时查找。

答案 1 :(得分:0)

Just want to highlight here, make sure the equals and hashCode methods return is true. if the methods is not returning true it will not kill or terminate the existing session.

相关问题
最新问题