而不是限制每個用戶一個會話,它限制一個會話爲春季安全併發會話未按要求工作
整個應用程序。
所以,如果一個用戶登錄沒有人可以登錄。
這裏是我的配置
<session-management invalid-session-url="/login">
<concurrency-control error-if-maximum-exceeded="true" max-sessions="1" />
</session-management>
,我甚至在web.xml中添加監聽器。
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- HTTP security configurations -->
<http auto-config="true" use-expressions="true">
<form-login login-processing-url="/resources/j_spring_security_check"
login-page="/login" default-target-url="/index"
authentication-success-handler-ref="myAuthenticationSuccessHandler"
authentication-failure-url="/login?login_error=t" />
<logout invalidate-session="true"
logout-url="/resources/j_spring_security_logout" success-handler-ref="myLogoutSuccessHandler"/>
<!-- Configure these elements to secure URIs in your application -->
<intercept-url pattern="/choices/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/member/**" access="isAuthenticated()" />
<intercept-url pattern="/resources/**" access="permitAll" />
<intercept-url pattern="/**" access="permitAll" />
<session-management invalid-session-url="/login">
<concurrency-control error-if-maximum-exceeded="true"
max-sessions="1" />
</session-management>
</http>
<!-- Configure Authentication mechanism -->
<authentication-manager alias="authenticationManager">
<authentication-provider ref="customDaoAuthenticationProvider">
</authentication-provider>
</authentication-manager>
<beans:bean id="myAuthenticationSuccessHandler" class="com.test.connect.web.login.MyAuthenticationSuccessHandler"/>
<beans:bean id="myLogoutSuccessHandler" class="com.test.connect.web.login.MyLogoutSuccessHandler"/>
</beans:beans>
你可以添加日誌嗎? – Michael 2013-04-21 08:55:43
你如何測試這個?不是來自同一瀏覽器,我希望? – 2013-04-22 08:29:51
@AleksandrM來自不同瀏覽器的Ya當然 – kiranreddykasa 2013-04-22 16:55:17