spring 限制最大会话数；限制最大用户数 [英] spring limit max sessions ; limit max users

问题描述

我可以知道可以使用 Spring Security 来限制能够同时登录网站的最大用户数吗?

may i know possible to use spring security to limit max number of users able to login to website at the same time?

绝对不是并发会话控制参数.我想要的是例如，我想限制最多只允许 1000 个用户同时登录.如果超过该数量，则转发到说明超过最大用户数的通知页面

definately, not concurrent-session-control parameter. what i want is for instance, i want to limit maximum only allow 1000 users login same time. if more than that forward to notice page stating maximum users exceeded

推荐答案

可以通过访问 SessionRegistry 来使用 Spring Security 的并发会话控制，了解当前有多少用户登录.在 Spring Security 3 中，ConcurrentSessionControlStrategy 负责控制登录后是否允许用户创建会话.您可以扩展这个类并根据用户数量添加额外的检查:

You can use Spring Security's concurrent session control by accessing the SessionRegistry to find out how many users are currently logged in. In Spring Security 3, the ConcurrentSessionControlStrategy is responsible for controlling whether the user is allowed to create a session after logging in. You can extend this class and add an extra check based on the number of users:

public class MySessionAuthenticationStrategy extends ConcurrentSessionControlStrategy {
    int MAX_USERS = 1000; // Whatever
    SessionRegistry sr;

    public MySessionAuthenticationStrategy(SessionRegistry sr) {
        super(sr);
        this.sr = sr;
    }

    @Override
    public void onAuthentication(Authentication authentication, HttpServletRequest request, HttpServletResponse response) {
        if (sr.getAllPrincipals().size() > MAX_USERS) {
            throw new SessionAuthenticationException("Maximum number of users exceeded");
        }
        super.onAuthentication(authentication, request, response);
    }
}

然后您将其注入安全命名空间，如Spring 安全参考手册.

You would then inject this into the security namespace as described in the Spring Security reference manual.

在 Spring Security 2.0 中，并发会话控制的实现略有不同，您可以自定义 ConcurrentSessionController.

In Spring Security 2.0, the concurrent session control is implemented slightly differently and you would customize the ConcurrentSessionController instead.

这篇关于spring 限制最大会话数；限制最大用户数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！