One, limit the number of user logins and session automatic hosting
1.maximumSessions: Limit number of logins
2.exceptionIfMaximumExceeded:
-
- True the same account can only be logged in once,
- To false the same account can log on multiple times if Org.springframework.security.web.session.ConcurrentSessionFilter is configured, it will kick out the previous login session
3.sessionRegistry Configuring Session Management
4.concurrentSessionFilter If you do not configure this, you will not be able to play the previous login session, an account can be logged multiple times
<bean id= "SAS" class= " Org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy "> <property name= "Maximumsessions" value= "1"/><property name= "exceptionifmaximumexceeded" value= "false" ></property> <constructor-arg> <ref bean= "sessionregistry"/></constructor-arg></bean><bean id= " Sessionregistry "class=" Org.springframework.security.core.session.SessionRegistryImpl "></bean> <bean Id= "Concurrentsessionfilter" class= "Org.springframework.security.web.session.ConcurrentSessionFilter" > < Property Name= "Sessionregistry" ref= "Sessionregistry"/></bean>
Second, inject the configured bean
Set the beans above to be configured in the following manner.
<s:http access-denied-page= "/403.jsp" auto-config= ' true ' > <s:session-management invalid-session-url= "/ login.jsp "session-authentication-strategy-ref=" SAS "/> <s:custom-filter position=" CONCURRENT_SESSION_FILTER "ref=" Concurrentsessionfilter "/> </s:http>
Third, additional ideas to inspire reference pages
Http://www.mossle.com/docs/auth/html/ch214-smart-concurrent.html
Spring Security login limit and the same account can be kicked off the previous user profile