spring - SpringSecurity - Concurrent Session does not work -
I am implementing concurrent session control with Spring Security.
But when I log in to the system as a user in Chrome and then log in as the same user in Firefox, no error message is displayed, and there is no exception in the console.
my web.xml :
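<!-- ... -->
<!-- Publishes HttpSession created/destroyed events into the Spring context.
     The session registry relies on the destroyed event to forget sessions that
     time out or are invalidated. Without it, a security.xml that rejects a second
     login keeps the user locked out after a session ends without an explicit
     logout. The class name is case-sensitive; the all-lowercase form shown on
     the page would not load. -->
<listener>
  <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<!-- .... -->
my security.xml :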
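<!-- .... -->
<!-- NOTE(review): framework class names, their bean property names, the SpEL call
     and the custom-filter position are case-sensitive and are written in their
     real casing below. Bean ids, the application's own security.* classes and the
     property names on those classes are kept exactly as the page shows them;
     confirm their casing against the code. -->
<security:http auto-config="true" use-expressions="true">
  <!-- Every URL requires an authenticated user. The login page itself has to stay
       reachable anonymously; presumably an exemption sits in the elided part. -->
  <security:intercept-url pattern="/**" access="isAuthenticated()" />

  <!-- NOTE(review): with authentication-failure-handler-ref set, the custom handler
       decides where a failed login goes, so authentication-failure-url is most
       likely ignored. A login rejected by the session limit is reported as an
       authentication failure, so it reaches this handler too. The handler bean
       below redirects to plain /login, which would explain a missing error message.
       Confirm against the handler class. -->
  <security:form-login login-page="/login"
                       default-target-url="/home"
                       authentication-failure-url="/login?logout=true"
                       authentication-success-handler-ref="authenticationsuccesshandler"
                       authentication-failure-handler-ref="authenticationfailurehandler"/>

  <security:logout logout-url="/j_spring_security_logout"
                   invalidate-session="true"
                   success-handler-ref="logouthandler"/>

  <!-- Checks on each request whether the session was marked expired in the registry. -->
  <security:custom-filter ref="concurrencyfilter" position="CONCURRENT_SESSION_FILTER"/>

  <!-- Hands the concurrency strategy to the filters created by this http element. -->
  <security:session-management session-authentication-strategy-ref="concurrentsessionmanager"
                               session-authentication-error-url="/login?msg=sessionerror"/>
</security:http>

<!-- NOTE(review): nothing in the visible configuration references this bean (there
     is no custom-filter entry for it), so it appears to be unused; form-login above
     creates its own login filter. Remove it or wire it in explicitly. -->
<bean id="authenticationfilter"
      class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
  <property name="authenticationManager" ref="authenticationmanager"/>
  <property name="sessionAuthenticationStrategy" ref="concurrentsessionmanager"/>
</bean>

<!-- authentication manager -->
<security:authentication-manager alias="authenticationmanager">
  <!-- custom authentication provider -->
  <security:authentication-provider ref="hemisphereauthenticationprovider"/>
</security:authentication-manager>

<!-- Tracks sessions per principal. It looks sessions up by the principal object, so
     a custom principal returned by the provider must implement equals() and
     hashCode(). Otherwise two logins of the same account count as different users
     and the limit never triggers. -->
<bean id="sessionregistry" class="org.springframework.security.core.session.SessionRegistryImpl" />

<bean id="concurrencyfilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
  <property name="sessionRegistry" ref="sessionregistry"/>
  <property name="expiredUrl" value="/login?msg=sessionerror" />
</bean>

<!-- One session per user. exceptionIfMaximumExceeded=true rejects the new login
     instead of expiring the older session, so a session that is never cleaned up
     blocks the account until it times out. -->
<bean id="concurrentsessionmanager"
      class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
  <constructor-arg name="sessionRegistry" ref="sessionregistry" />
  <property name="maximumSessions" value="1"/>
  <property name="exceptionIfMaximumExceeded" value="true" />
</bean>

<bean id="hemisphereauthenticationprovider" class="security.hemisphereauthenticationprovider">
  <property name="userdetailsservice" ref="userdetailservice"/>
</bean>

<bean id="authenticationsuccesshandler" class="security.hemisphereauthenticationsuccesshandler">
  <property name="defaulttargeturl" value="/home" />
  <property name="alwaysusedefaulttargeturl" value="no" />
</bean>

<!-- Failed logins are sent to /login with no query parameter that the page could
     use to show a message. -->
<bean id="authenticationfailurehandler" class="security.hemisphereauthenticationfailurehandler">
  <property name="defaultfailureurl" value="/login" />
</bean>

<bean id="logouthandler" class="security.hemispherelogouthandler"/>
what doing wrong?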
Thanks for your attention!