1
我想使用spring安全來處理會話併發。我想阻止登錄相同的帳戶。到目前爲止我所做的是通過實施AuthenticationProvider的認證部分。我覆蓋authenticate()方法,我認爲現在認證過程很好。我的下一步是添加會話concurreny。我在我的Spring XML中添加了這個:春季會話併發
<beans:bean id="loginAuthenticator" class="[...]" />
<sec:http auto-config='true'>
<sec:intercept-url pattern="/login.do" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<sec:intercept-url pattern="/**" access="ROLE_USER" />
<sec:form-login login-page="/login.do" login-processing-url="/j_spring_security_check" default-target-url='/home.do' always-use-default-target='true'/>
<sec:logout logout-success-url="/login.do"/>
<sec:session-management session-fixation-protection="migrateSession" session-authentication-error-url="/login.do" invalid-session-url="/login.do">
<sec:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</sec:session-management>
</sec:http>
<sec:authentication-manager>
<sec:authentication-provider ref='loginAuthenticator' />
</sec:authentication-manager>
我在同一個賬戶嘗試登錄,但它仍然能夠通過。你能告訴我我錯過了什麼嗎?有什麼我需要實施或擴展?我的xml配置是否錯誤?
謝謝。
編輯:登錄的要求
INFO: Initializing Coyote HTTP/1.1 on http-8080
Apr 04, 2013 4:40:15 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
INFO : com.addressbook.controllers.LoginController - ----------> LoginController - displayLoginPage()
INFO : com.addressbook.security.LoginAuthenticator - ----------> authenticate() - authenticating user credentials
INFO : com.addressbook.utils.HashService - ----------> finally block hashing function
INFO : com.addressbook.security.LoginAuthenticator - ----------> username: testuser1
INFO : com.addressbook.security.LoginAuthenticator - ----------> password: 6ca13d52ca70c883e0f0bb101e425a89e8624de51db2d2392593af6a84118090
INFO : com.addressbook.security.LoginAuthenticator - ----------> user xml file path: C:\Users\jlim\addressbook\xml\users.xml
INFO : com.addressbook.security.LoginAuthenticator - ----------> reached finally block fetchUsers: [[email protected], [email protected], com.
[email protected]]
INFO : com.addressbook.security.LoginAuthenticator - ----------> user exists?: true
INFO : com.addressbook.controllers.LoginController - ----------> LoginController - showHomePage()
INFO : com.addressbook.controllers.LoginController - ----------> LoginController - user from session: testuser1
INFO : com.addressbook.dao.impl.ContactDaoImpl - ----------> contacts xml file path: C:\Users\jlim\addressbook\xml\contacts.xml
INFO : com.addressbook.dao.impl.ContactDaoImpl - ----------> reached finally block fetchContactsFromXml(): [[email protected], [email protected]
2f, [email protected]]
INFO : com.addressbook.controllers.LoginController - ----------> LoginController - displayLoginPage()
INFO : com.addressbook.security.LoginAuthenticator - ----------> authenticate() - authenticating user credentials
INFO : com.addressbook.utils.HashService - ----------> finally block hashing function
INFO : com.addressbook.security.LoginAuthenticator - ----------> username: testuser1
INFO : com.addressbook.security.LoginAuthenticator - ----------> password: 6ca13d52ca70c883e0f0bb101e425a89e8624de51db2d2392593af6a84118090
INFO : com.addressbook.security.LoginAuthenticator - ----------> user xml file path: C:\Users\jlim\addressbook\xml\users.xml
INFO : com.addressbook.security.LoginAuthenticator - ----------> reached finally block fetchUsers: [[email protected], [email protected], com.a
[email protected]]
INFO : com.addressbook.security.LoginAuthenticator - ----------> user exists?: true
INFO : com.addressbook.controllers.LoginController - ----------> LoginController - showHomePage()
INFO : com.addressbook.controllers.LoginController - ----------> LoginController - user from session: testuser1
INFO : com.addressbook.dao.impl.ContactDaoImpl - ----------> contacts xml file path: C:\Users\jlim\addressbook\xml\contacts.xml
INFO : com.addressbook.dao.impl.ContactDaoImpl - ----------> reached finally block fetchContactsFromXml(): [[email protected], [email protected]
18, [email protected]]
是
@Xaerxess,你的建議已經在我的xml中,但它不工作:(請幫助 – Oneb 2013-04-02 08:12:57
你可以添加'