Announcement Announcement Module
Collapse
No announcement yet.
Concurrency Session Management [Urgently] Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Concurrency Session Management [Urgently]

    Hello,

    I want to prevent more than user login using the same username more than one time from different browser to my application, i follow steps in documentation but i have something wrong, code you please help me in this

    My configuration

    PHP Code:
    <security:http entry-point-ref="myAuthEntryPoint">
            <
    security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter"/>
            <
    security:custom-filter position="BASIC_AUTH_FILTER" ref="myAuthFilter"/>
            <
    security:session-management session-authentication-strategy-ref="sas" />
        </
    security:http>

        <
    bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
            <
    property name="sessionRegistry" ref="sessionRegistry"/>
            <
    property name="expiredUrl" value="/home.jsp?error"/>
        </
    bean>

        <
    bean id="myAuthFilter" class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
            <
    property name="authenticationManager" ref="authenticationManager"/>
            <
    property name="authenticationEntryPoint" ref="myAuthEntryPoint"/>
        </
    bean>

        <
    bean id="myAuthEntryPoint" class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
            <
    property name="realmName" value="realnName"/>
        </
    bean>


        <
    bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
            <
    constructor-arg ref="sessionRegistry"/>
            <
    property name="maximumSessions" value="1"/>
        </
    bean>

        <
    bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/>

        <
    security:authentication-manager alias="authenticationManager">
            <
    security:authentication-provider ref="ldapAuthenticationProvider" />
        </
    security:authentication-manager>

        <
    bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
            <
    constructor-arg value="ldap://xx.xx.xx.xx:389/"/>
        </
    bean>

        <
    bean id="ldapAuthenticationProvider" class="custom.provider.ldapLDAPAuthenticationProvider">
            <
    constructor-arg name="authenticator" ref="ldapAuthenticator"/>
            <
    constructor-arg name="authoritiesPopulator" ref="userDetailsServiceLdapAuthoritiesPopulator"/>
            <
    property name="userProfileBS" ref="userProfileBS" />
        </
    bean>

        <
    bean id="userDetailsServiceLdapAuthoritiesPopulator" class="custom.provider.ldap.UserDetailsServiceLdapAuthoritiesPopulator">
            <
    constructor-arg name="userService" ref="userDetailsService"/>
        </
    bean>

        <
    bean id="ldapAuthenticator" class="custom.provider.ldap.LdapAuthenticatorImpl">
            <
    property name="contextFactory" ref="contextSource" />
            <
    property name="principalPrefix" value="test\" />
            <property name="
    slaveDomainURLs">
              <list>
                <value>ldap://xx.xx.xx.xx:389/</value>
              </list>
            </property>
        </bean> 
    I am using flex with blazeDS to comunicate with server.

    I want if user login with username no one can login from different browser,
    If the same user login from the same browser during his running session, continu without problems

    what i miss or should add?

    Please i need answer urgently

    Thanks

  • #2
    Because you haven't set to throw an exception if there is a concurrent login. Now the user logs out and the other logs in. When a new request comes in vice versa...

    Comment


    • #3
      Excuse me, Could you please tell me where exactly i should add my exception?

      Comment


      • #4
        The configuration of your sessionregistry...

        Also why are you using this way of configuring and not using the namespace? Saves you a whole lot of xml...

        Comment


        • #5
          I don't know the other way, if you tell me i will be appreciated

          Comment


          • #6
            Also, where exactly i should put configuration in session registry

            Comment


            • #7
              All that is explained in the reference guide

              Also if I might suggest this book its a great book explaining things quite good and deeply.

              Comment

              Working...
              X