0
我想限制用戶登錄到2個不同的瀏覽器,同一個登錄ID在同一時間。這是安全上下文。我不確定我在這裏做錯了什麼。無法限制多個登錄在不同的瀏覽器
有人可以幫忙。謝謝。
<security:http auto-config="false" lowercase-comparisons="false" entry-point-ref="loginUrlAuthenticationEntryPoint">
<security:custom-filter position="FORM_LOGIN_FILTER" ref="formLoginFilter" />
<security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<security:intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/invalidlogin.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/accessdenied.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/logout.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/**.jsp" access="ROLE_GENERIC,ROLE_USER,ROLE_ADMIN" />
<security:intercept-url pattern="/**.html" access="ROLE_GENERIC,ROLE_USER,ROLE_ADMIN" />
<security:intercept-url pattern="/**.do" access="ROLE_GENERIC,ROLE_USER,ROLE_ADMIN" />
<security:intercept-url pattern="/**" filters="none" />
<security:logout logout-success-url="/logout.jsp" invalidate-session="true" />
<security:session-management>
<security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</security:session-management>
</security:http>
<bean id="loginUrlAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<property name="loginFormUrl" value="/login.jsp" />
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="myAuthenticationProvider" />
</security:authentication-manager>
<bean id="formLoginFilter" class="com.company.security.myMapUsernamePasswordAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
<property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
</bean>
<bean id="authenticationSuccessHandler" class="com.company.security.AuthenticationSuccessHandlerImpl">
<property name="defaultTargetUrl" value="/main.do" />
<property name="alwaysUseDefaultTargetUrl" value="true" />
</bean>
<bean id="authenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/invalidlogin.jsp" />
</bean>
<bean id="myAuthenticationProvider" class="com.company.security.CustomUserDetailsService">
</bean>
<bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="expiredUrl" value="/sessionexpired.jsp" />
</bean>
<bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />