
  • Spring-Security 3.1 multiple session for the same user

    Hi everybody,

    I am pretty new to the Spring framework and especially to spring-security. I am starting a new project for which I want standard security, but I am stuck and cannot make progress on what I am trying to do. Basically, I want my application to make it possible for my client to log in from multiple browsers with the same username. My problem is that when I try to log out, the removeUserTokens method of the PersistentTokenRepository class gives me only the username as a parameter. But in the database, I have multiple sessions opened by the same username, and I am not able to get the token or series to select the right session in the DB. Do you guys have any solution for that? I searched on Stack Overflow, googled and read the whole documentation, but nowhere could I find a solution for my problem. Also, is it possible for spring-security to coexist with the Vaadin framework? Here is my configuration.

    Thank you very much for your help. It's been 2 weeks now that I have been searching for a solution, and I am starting to get tired of this problem.

    Ben

    spring-security.xml
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
    	xmlns:beans="http://www.springframework.org/schema/beans" 
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xmlns:context="http://www.springframework.org/schema/context"
    	xmlns:security="http://www.springframework.org/schema/security"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans
    	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    	http://www.springframework.org/schema/security
    	http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    	
    	<security:global-method-security secured-annotations="enabled" />
    	<security:http pattern="/login" security="none"/>
     	
    	<security:http auto-config="true">
    		<security:remember-me services-ref="rememberMeServices" key="myRememberMeKey" />
    		<security:intercept-url pattern="/**" access="ROLE_USER" />
    		<security:form-login login-page="/login" default-target-url="/welcome"
    			authentication-failure-url="/loginfailed" login-processing-url="/j_spring_security_check" />
    		<security:logout logout-success-url="/logout" />
    	</security:http>
    	
        <!-- Declare an authentication-manager to use a custom userDetailsService -->
        <security:authentication-manager>
            <security:authentication-provider
                user-service-ref="customUserDetailsService">
                <security:password-encoder ref="passwordEncoder" />
            </security:authentication-provider>
        </security:authentication-manager>
        
    	<beans:bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
    	      <beans:property name="tokenRepository" ref="persistentTokenRepositoryService" />
    	      <beans:property name="userDetailsService" ref="customUserDetailsService" />
    	      <beans:property name="key" value="myRememberMeKey" />
    	      <beans:property name="alwaysRemember" value="true" />
    	</beans:bean>
    	
        <!-- ... database -->
        <beans:bean class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" id="passwordEncoder">
        	<beans:constructor-arg value="256"/>
        </beans:bean>
            
        <beans:bean id="customUserDetailsService" class="com.nautilus.core.service.imp.AccountService"/>
    
    </beans:beans>
    PersistentTokenRepositoryService
    Code:
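    import java.util.Date;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken;
    import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
    import org.springframework.stereotype.Component;

    // Token repository backing the rememberMeServices bean; delegates to the DAO.
    @Component(value="persistentTokenRepositoryService")
    public class PersistentTokenRepositoryService implements PersistentTokenRepository
    {
    	
    	@Autowired
    	private SessionDao sessionDao;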
    	
    	
    	@Override
    	public void createNewToken(PersistentRememberMeToken token)
    	{
    		sessionDao.insertToken(token);
    	}
    
    	@Override
    	public void updateToken(String series, String tokenValue, Date lastUsed)
    	{
    		sessionDao.updateToken(series, tokenValue, lastUsed);
    	}
    
    	@Override
    	public PersistentRememberMeToken getTokenForSeries(String seriesId)
    	{
    		return sessionDao.getTokenForSeries(seriesId);
    	}
    
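    	// Receives only the username, so every remember-me token stored
    	// for that user is removed, whichever browser it was issued to.
    	@Override
    	public void removeUserTokens(String username)
    	{
    		sessionDao.removeUserTokens(username);
    	}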
    
    }
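
Added example, not part of the original post and not Spring Security's own code: in Spring Security 3.1, `PersistentTokenBasedRememberMeServices.logout` calls `removeUserTokens` with the user name, which is why logging out in one browser removes the tokens of all of them. One way to remove only the current browser's series is a subclass like the one below; `PerSeriesRememberMeServices` and `SessionDao.removeTokenBySeries` are hypothetical names, and `SessionDao` is the poster's own class, assumed to be in the same package.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.rememberme.InvalidCookieException;
import org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken;
import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;

// Hypothetical subclass: on logout, delete only the token series carried by
// this browser's remember-me cookie instead of every token of the user.
public class PerSeriesRememberMeServices extends PersistentTokenBasedRememberMeServices {

    // The poster's DAO; removeTokenBySeries(String) is an assumed extra method.
    private SessionDao sessionDao;

    public void setSessionDao(SessionDao sessionDao) {
        this.sessionDao = sessionDao;
    }

    // Deliberately does not call super.logout(), which would remove all tokens of the user.
    @Override
    public void logout(HttpServletRequest request, HttpServletResponse response,
                       Authentication authentication) {
        String cookie = extractRememberMeCookie(request);
        if (authentication != null && cookie != null && cookie.length() > 0) {
            try {
                // The persistent-token cookie decodes to { series, tokenValue }.
                String[] parts = decodeCookie(cookie);
                if (parts.length == 2) {
                    PersistentRememberMeToken stored = sessionDao.getTokenForSeries(parts[0]);
                    // Delete only a series that belongs to the user logging out.
                    if (stored != null && authentication.getName().equals(stored.getUsername())) {
                        sessionDao.removeTokenBySeries(parts[0]);
                    }
                }
            } catch (InvalidCookieException e) {
                // Malformed cookie: nothing to look up, just drop the cookie below.
            }
        }
        // Expire the cookie in this browser; other browsers keep their own series.
        cancelCookie(request, response);
    }
}
```

It would be declared as the `rememberMeServices` bean in place of the stock class, with the same properties plus `sessionDao`. The token-mismatch (cookie theft) path in `processAutoLoginCookie` is not overridden and still calls `removeUserTokens` for the whole user.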