Session Management using Spring Security: Concurrent sessions

Problem description

I have developed a web application using Spring Security. For login it gets access from LDAP. Now I want to manage the session using Spring Security itself. I can see that by using authentication.getName() I am getting the username, and I can also get the sessionID.

Now I want to make sure that if the same user is trying to log in from the same system using some other browser, he should get a message saying that he is already logged in to his account.

Can anyone give an idea how to achieve this?

<security:session-management 
        invalid-session-url="/login.jsp?error=sessionExpired"
        session-authentication-error-url="/login.jsp?error=alreadyLogin">
    <security:concurrency-control 
               max-sessions="1" 
               expired-url="/login.jsp?error=sessionExpiredDuplicateLogin"
               error-if-maximum-exceeded="false" />
</security:session-management>

When I use this and try to login using some other browser it gives me the following error:

HTTP Status 500 - Request processing failed; nested exception is java.lang.IllegalStateException: Cannot call sendError() after the response has been committed

Recommended answer

I may be missing something, but I have tried the next configuration and it works as expected:

<!-- more configuration stuff -->

<sec:form-login login-page="/login.jsp"
    default-target-url="/defaultTarget.jsp"
    authentication-failure-url="/login.jsp?error=true"
    login-processing-url="/login" always-use-default-target="true" />

<sec:session-management>
    <sec:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</sec:session-management>

When I try to log in with the same user from another browser, it takes me to /login.jsp and shows the error message: Maximum sessions of 1 for this principal exceeded

You also need to put this in web.xml:

<listener>
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
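
The same setup in Java configuration, as an added example that is not part of the original question or answer. It assumes Spring Security 6 in a Spring Boot application (which registers the listener bean with the servlet container) and an LDAP authentication provider configured elsewhere; the class name is hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.session.HttpSessionEventPublisher;

@Configuration
@EnableWebSecurity
public class ConcurrentSessionConfig { // hypothetical class name (added example)

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            // Counterpart of <sec:form-login .../> in the answer
            .formLogin(form -> form
                .loginPage("/login.jsp")
                .loginProcessingUrl("/login")
                .defaultSuccessUrl("/defaultTarget.jsp", true) // always-use-default-target="true"
                .failureUrl("/login.jsp?error=true")
                .permitAll()) // the login page must stay reachable without a session
            // Counterpart of <sec:concurrency-control .../>
            .sessionManagement(session -> session
                .maximumSessions(1)
                // true  = error-if-maximum-exceeded="true": the second login is rejected
                // false = the second login succeeds and the older session is expired,
                //         then sent to expiredUrl on its next request
                .maxSessionsPreventsLogin(true)
                .expiredUrl("/login.jsp?error=sessionExpiredDuplicateLogin"));
        return http.build();
    }

    // Counterpart of the HttpSessionEventPublisher <listener> in web.xml.
    // Without it the session registry is never told that a session ended
    // (timeout, browser closed without logout), so with
    // maxSessionsPreventsLogin(true) the user stays locked out.
    @Bean
    public HttpSessionEventPublisher httpSessionEventPublisher() {
        return new HttpSessionEventPublisher();
    }
}
```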
