Kill server session in Spring

I have an application based on the Spring framework. This application allows each user to have 2 concurrent sessions.

    <bean id="concurrencyFilter"
          class="org.springframework.security.web.session.ConcurrentSessionFilter">
        <property name="sessionRegistry" ref="sessionRegistry" />
        <property name="expiredUrl" value="/faces/pages/templates/error.xhtml" />
    </bean>

    <bean id="sessionRegistry"
          class="org.springframework.security.core.session.SessionRegistryImpl" />

    <bean id="sas"
          class="org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy">
        <constructor-arg>
            <list>
                <bean
                    class="org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy">
                    <constructor-arg ref="sessionRegistry" />
                    <property name="maximumSessions" value="2" />
                    <property name="exceptionIfMaximumExceeded" value="true" />
                </bean>
                <bean
                    class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy">
                </bean>
                <bean
                    class="org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy">
                    <constructor-arg ref="sessionRegistry" />
                </bean>
            </list>
        </constructor-arg>
    </bean>

I need the first session to be killed when I log in with a second session.

I tried this with the expireNow method, but both sessions stay active.

    authenticate = authenticationManager
            .authenticate(new UsernamePasswordAuthenticationToken(username, password));
    if (authenticate.isAuthenticated()) {
        SecurityContextHolder.getContext().setAuthentication(authenticate);
        HttpServletRequest httpReq = (HttpServletRequest) FacesContext.getCurrentInstance()
                .getExternalContext().getRequest();
        HttpServletResponse httpResp = (HttpServletResponse) FacesContext.getCurrentInstance()
                .getExternalContext().getResponse();
        // Runs the concurrency check, session fixation protection and session registration
        sessionAuthenticationStrategy.onAuthentication(authenticate, httpReq, httpResp);
        final Collection<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
        final org.springframework.security.core.userdetails.User user =
                new org.springframework.security.core.userdetails.User(
                        username, password, grantedAuthorities);
        // Look up the non-expired sessions registered for this user
        List<SessionInformation> sessions = sessionRegistry.getAllSessions(user, false);
        if (sessions.size() > 1) {
            sessionRegistry.getSessionInformation(sessions.get(0).getSessionId()).expireNow();
            sessionRegistry.removeSessionInformation(sessions.get(0).getSessionId());
        }
    }

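How can I do this?

Thanks.

Then why do you want 2 concurrent sessions in the first place... you basically want one.

Because if I have only 1 session, I get blocked when I try to log in from another place, and what I need when I log in from another place is for the first session to be closed and the login at the second place to succeed.

That depends on your configuration.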
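
One way to get the behaviour asked for above, as an added example that is not from the original post or from Spring Security itself: mark every other session of the logged-in principal as expired and leave the entries in the registry so that ConcurrentSessionFilter can act on them. The class name OlderSessionExpirer and its method are hypothetical; the SessionRegistry, SessionInformation and Authentication calls are Spring Security API.

```java
import java.util.List;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.session.SessionRegistry;

/**
 * Hypothetical helper (not part of Spring Security): after a successful login,
 * expires every other session registered for the same principal.
 *
 * Alternative without custom code: maximumSessions=1 together with
 * exceptionIfMaximumExceeded=false makes ConcurrentSessionControlAuthenticationStrategy
 * expire the least recently used session itself instead of rejecting the new login.
 */
public final class OlderSessionExpirer {

    private final SessionRegistry sessionRegistry;

    public OlderSessionExpirer(SessionRegistry sessionRegistry) {
        this.sessionRegistry = sessionRegistry;
    }

    /**
     * Call after sessionAuthenticationStrategy.onAuthentication(...), passing
     * request.getSession().getId() (the id after session fixation protection).
     *
     * @return number of sessions that were marked expired
     */
    public int expireOtherSessions(Authentication authentication, String currentSessionId) {
        // Use the principal object that was registered at login, so the registry
        // lookup (based on equals/hashCode) finds the same entries.
        List<SessionInformation> sessions =
                sessionRegistry.getAllSessions(authentication.getPrincipal(), false);
        int expired = 0;
        for (SessionInformation info : sessions) {
            if (!info.getSessionId().equals(currentSessionId)) {
                // Only mark the entry. ConcurrentSessionFilter looks the session id up
                // in the registry on that session's next request and logs it out when
                // the entry is expired; calling removeSessionInformation here would
                // hide the entry from the filter and the old session would stay usable.
                info.expireNow();
                expired++;
            }
        }
        return expired;
    }
}
```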