Announcement Announcement Module
Collapse
No announcement yet.
How to run the filter concurrentSessionController and concurrentSessionFilter ? Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to run the filter concurrentSessionController and concurrentSessionFilter ?

    How to run the filter concurrentSessionController and concurrentSessionFilter in Spring security 2.0.xx?

  • #2
    http://static.springframework.org/sp...urrent-session

    Comment


    • #3
      What is wrong in this config ?

      xml spring security :
      Code:
      <bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
      		<security:filter-chain-map path-type="ant">
      			<security:filter-chain pattern="/**" filters="concurrentSessionFilter,httpSessionContextIntegrationFilter,exceptionTranslationFilter,authenticationProcessingFilter,logoutFilter,filterSecurityInterceptor" />
      		</security:filter-chain-map>
      	</bean>
      
      <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
              <property name="providers">
                  <list>
                      <ref local="daoAuthenticationProvider" />
                  </list>
              </property>
              <property name="sessionController">
      			<ref bean="concurrentSessionController" />
      		</property>		
          </bean>
      
      <bean id="concurrentSessionFilter" class="org.springframework.security.concurrent.ConcurrentSessionFilter">
      		<property name="sessionRegistry"><ref bean="sessionRegistry"/></property>
      		<property name="expiredUrl" value="/"/>
      	</bean>
       
          
      <!--Session controller (you must set the max value for maximum session)-->
      	<bean id="concurrentSessionController"  class="org.springframework.security.concurrent.ConcurrentSessionControllerImpl">
      	<property name="maximumSessions"> 
      		<value>1</value>                
      	</property> 
      	<property name="exceptionIfMaximumExceeded" value="true"/>               
      	<property name="sessionRegistry" ref="sessionRegistry" />        
      	</bean>

      web.xml
      Code:
      <!-- Setup listeners -->
      	<!--    a) Setup a listener to connect spring with the web context -->
      	<listener>
      		<listener-class>
      			org.springframework.web.context.ContextLoaderListener
      		</listener-class>
      	</listener>	
      	
      	<!--    b) Setup Spring Security to subscribe to http session events in the web context -->
      	<listener>                
      		<listener-class>
      			org.springframework.security.ui.session.HttpSessionEventPublisher
      		</listener-class>        
      	</listener>		
          
          <filter>
      		<filter-name>filterChainProxy</filter-name>
      			<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      		</filter>
      		<filter-mapping>
      			<filter-name>filterChainProxy</filter-name>
      		<url-pattern>/*</url-pattern>
      	</filter-mapping>

      Many user with the same username as the capability to login in the application with no rejected......

      What wrong ?

      Comment


      • #4
        Your AuthenticationProcessingFilter, perhaps?

        Comment


        • #5
          My AuthenticationProcessingFilter filter:

          My AuthenticationProcessingFilter filter:
          Code:
          <bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
          		<property name="authenticationManager" ref="authenticationManager"/>
          		<property name="authenticationFailureUrl" value="/ca.blabla.login.Login/index.jsp?login_error=1"/>
          		<property name="defaultTargetUrl" value="/ca.blabla.workbench.Workbench/workbench.html"/>
          		<property name="filterProcessesUrl" value="/j_spring_security_check"/>
          		<property name="exceptionMappings">
                	<props>
                		<prop key="org.springframework.security.BadCredentialsException">/ca.blabla.login.Login/index.jsp?login_error=2</prop>
                		<prop key="org.springframework.security.LockedException">/ca.blabla.login.Login/index.jsp?login_error=3</prop>
                		<prop key="org.springframework.security.DisabledException">/ca.blabla.login.Login/index.jsp?login_error=4</prop>
                	</props>
                </property>	
          	</bean>

          Comment


          • #6
            Perhaps you aren't forcing the use of eager session creation in HttpSessionContextIntegrationFilter?

            It is much simpler to use the namespace configuration.

            Comment

            Working...
            X