我一直在阅读this article,了解如何控制单个用户的并发会话数。这是我到目前为止所得到的:
@Configuration
@EnableWebSecurity
public class SecurityAdapter extends WebSecurityConfigurerAdapter
{
@Override
protected void configure(HttpSecurity http)
throws Exception
{
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests = http.authorizeRequests();
authorizeRequests.antMatchers(HttpMethod.OPTIONS, "**").permitAll();
authorizeRequests.antMatchers("/logon").permitAll();
authorizeRequests.anyRequest().authenticated();
http
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
http.httpBasic();
http.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.NEVER);
http.sessionManagement().maximumSessions(1);
http.sessionManagement().sessionFixation().migrateSession();
}
@Bean
public HttpSessionEventPublisher httpSessionEventPublisher()
{
return new HttpSessionEventPublisher();
}
}
为了测试它,我打开两个浏览器(FireFox和Chrome)并尝试一个接一个地登录它们。我希望一旦第二个登录,第一个不再能够使用服务。但第一个仍然登录,其会话ID仍然有效。有人能帮我找到问题吗?