4 Kasım 2008 Salı

How To Disable Corcurrent Logins in Spring-Security

Add the following listener to your web.xml file to keep Spring Security updated about session lifecycle events:

<listener>
<listener-class> org.springframework.security.ui.session.HttpSessionEventPublisher </listener-class>

</listener>



Then add the following line to your application context file:

<http>
...
<concurrent-session-control max-sessions="1" />
</http>



This prevents concurrent logins. A second login will cause the first to be invalidated. To prevent a second login, use following configuration:

<http>
...
<concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
</http>



The second login will then be rejected.