ferdio
Jun 29th, 2010, 01:41 AM
Hello Anyone
We're using Acegi 1.0.7 for concurrent login handling in our application, i.e. to prevent a user from logging to the application with the same username twice (at the same time).
Our application is deployed in 2 weblogic servers, clustered.
The application successfully blocks the 2nd user (with the same user name) when they login to the same server (as the first user). But when the 2nd user (with the same username) specifically attempts to login to the application launched from the 2nd server in the cluster, they are not blocked.
Our WebLogic admin guy has verified that the sessions is being replicated between the two WebLogic servers, i.e. when a user logs onto one WebLogic server, he sees a 'primary session' created on that server, and see's a 'secondary' session (with same id) created on the second server.
The following lines are what we are using in the application code to prevent more than one user logging in with the same username:
<listener>
<listener-class>org.acegisecurity.ui.session.HttpSessionEventPubli sher</listener-class>
</listener>
<bean id="concurrentSessionFilter" class="org.acegisecurity.concurrent.ConcurrentSessionFilt er">
<property name="sessionRegistry"> <ref bean="sessionRegistry"/> </property>
<property name="expiredUrl" value="/"/>
</bean>
<bean id="singleSession" class="org.acegisecurity.concurrent.ConcurrentSessionCont rollerImpl">
<property name="maximumSessions" value="1"/>
<property name="exceptionIfMaximumExceeded" value="true"/>
<property name="sessionRegistry" ref="sessionRegistry"/>
</bean>
Has anybody successfully implemented this security across a cluster?
Can anybody offer any good advice.
Thanks kindly in advance.
FerdieO
We're using Acegi 1.0.7 for concurrent login handling in our application, i.e. to prevent a user from logging to the application with the same username twice (at the same time).
Our application is deployed in 2 weblogic servers, clustered.
The application successfully blocks the 2nd user (with the same user name) when they login to the same server (as the first user). But when the 2nd user (with the same username) specifically attempts to login to the application launched from the 2nd server in the cluster, they are not blocked.
Our WebLogic admin guy has verified that the sessions is being replicated between the two WebLogic servers, i.e. when a user logs onto one WebLogic server, he sees a 'primary session' created on that server, and see's a 'secondary' session (with same id) created on the second server.
The following lines are what we are using in the application code to prevent more than one user logging in with the same username:
<listener>
<listener-class>org.acegisecurity.ui.session.HttpSessionEventPubli sher</listener-class>
</listener>
<bean id="concurrentSessionFilter" class="org.acegisecurity.concurrent.ConcurrentSessionFilt er">
<property name="sessionRegistry"> <ref bean="sessionRegistry"/> </property>
<property name="expiredUrl" value="/"/>
</bean>
<bean id="singleSession" class="org.acegisecurity.concurrent.ConcurrentSessionCont rollerImpl">
<property name="maximumSessions" value="1"/>
<property name="exceptionIfMaximumExceeded" value="true"/>
<property name="sessionRegistry" ref="sessionRegistry"/>
</bean>
Has anybody successfully implemented this security across a cluster?
Can anybody offer any good advice.
Thanks kindly in advance.
FerdieO