java - Spring security redirect when maximum sessions for this principal exceeded -



java - Spring security redirect when maximum sessions for this principal exceeded -

so user login -> closes browser -> opens browser 1 more time -> error appears:

http status 401 - authentication failed: maximum sessions of 1 principal exceeded

what need capture event session invalid, remove sessions user , redirect normal login page

spring security config:

<http auto-config="true" use-expressions="true"> <session-management session-fixation-protection="migratesession"> <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/> </session-management> <intercept-url pattern="/login" access="hasrole('role_anonymous')" requires-channel="any"/> <!--<custom-filter after="concurrent_session_filter" ref="sessionexpiration" /> --> <!-- .... --> </http> <beans:bean id="sessionexpiration" class="com.test.security.sessionexpirationfilter"> <beans:property name="expiredurl"> <beans:value>/login</beans:value> </beans:property> </beans:bean>

i tried implement filter, shows session null:

public class sessionexpirationfilter implements filter, initializingbean { private string expiredurl; public void destroy() { } public void dofilter(servletrequest request, servletresponse response, filterchain chain) throws ioexception, servletexception { httpservletrequest httprequest = (httpservletrequest) request; httpservletresponse httpresponse = (httpservletresponse) response; string path = httprequest.getservletpath(); httpsession session = httprequest.getsession(false); system.out.println(session); if (session == null && !httprequest.isrequestedsessionidvalid()) { securitycontextholder.getcontext().setauthentication(null); string targeturl = httprequest.getcontextpath() + expiredurl; httpresponse.sendredirect(httpresponse.encoderedirecturl(targeturl)); return; } chain.dofilter(request, response); } public void setexpiredurl(string expiredurl) { this.expiredurl = expiredurl; } }

from understood, want invalidate previous session if user's session exceeds 'max-sessions'. set property 'error-if-maximum-exceeded' false. spring security automatically invalidates previous session.

if trying different,

extend concurrentsessioncontrolstrategy class, , override 'allowablesessionsexceeded' method. specify bean reference of above 'session-authentication-strategy-ref' attribute value of 'session-management'

.

java spring spring-security

Comments

Post a Comment

Popular posts from this blog

web services - java.lang.NoClassDefFoundError: Could not initialize class net.sf.cglib.proxy.Enhancer -

web services - java.lang.NoClassDefFoundError: Could not initialize class net.sf.cglib.proxy.Enhancer - when trying request rest service @ time of response getting exception.. feb 21, 2013 2:34:49 pm com.sun.jersey.spi.container.containerresponse mapmappablecontainerexception severe: exception contained within mappablecontainerexception not mapped response, re-throwing http container java.lang.noclassdeffounderror: not initialize class net.sf.cglib.proxy.enhancer @ org.hibernate.proxy.pojo.cglib.cgliblazyinitializer.getproxyfactory(cgliblazyinitializer.java:117) @ org.hibernate.proxy.pojo.cglib.cglibproxyfactory.postinstantiate(cglibproxyfactory.java:43) @ org.hibernate.tuple.entity.pojoentitytuplizer.buildproxyfactory(pojoentitytuplizer.java:162) @ org.hibernate.tuple.entity.abstractentitytuplizer.<init>(abstractentitytuplizer.java:135) @ org.hibernate.tuple.entity.pojoentitytuplizer.<init>(pojoentitytuplizer.java:55) @ org.hibernate.tuple.e...
Read more

Accessing MATLAB's unicode strings from C -

Accessing MATLAB's unicode strings from C - how can access underlying unicode info of matlab strings through matlab engine or mex c interfaces? here's example. let's set unicode characters in utf-8 encoded file test.txt, read as fid=fopen('test.txt','r','l','utf-8'); s=fscanf(fid, '%s') in matlab. now if first feature('defaultcharacterset', 'utf-8') , c engevalstring(ep, "s") , output text file utf-8. proves matlab stores unicode internally. if mxarraytostring(enggetvariable(ep, "s")) , unicode2native(s, 'latin-1') give me in matlab: non-latin-1 characters replaced character code 26. need getting access underlying unicode info c string in unicode format (utf-8, utf-16, etc.), , preserving non-latin-1 characters. is possible? my platform os x, matlab r2012b. addendum: documentation explicitly states "[mxarraytostring()] supports multibyte encoded characters...
Read more

javascript - mongodb won't find my schema method in nested container -

javascript - mongodb won't find my schema method in nested container - i trying access method of schema stored within mixed container. here situation : have cases model can many different things, have schema each of these things stored in "casecontent" mixed property. var caseschema = mongoose.schema({ casecontent : {}, object : {type:string, default : "null"}, collision : {type : boolean, default : false} }); the casecontent property filled model of 1 of schemas, 1 exemple : var treeschema = new mongoose.schema({ applecount : {type : number, default : 3} }); treeschema.methods.dostuff = function (data) { console.log('hey, listen'); homecoming true; }; then, want utilize method of schema original container : caseschema.methods.dostuff = function (data) { if (this.casecontent.dostuff !== undefined) { this.casecontent.dostuff(); console.log('it worked'); } else { ...
Read more