Concurrency control dont work [JSF 1.2 + Spring 3.0.5 + Spring Security 3.0.5]
Hi all
I'm trying to configure a "CONCURRENT_SESSION_FILTER", but it not work.
I have read a lot of posts, but I didnt found the fix. My user class implements "UserDetails", and the "hashCode/equals" methods.
Login method:
HibernateUserDetailsService class:Code:Authentication authenticate = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password)); SecurityContextHolder.getContext().setAuthentication(authenticate);
Code:@Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { List results = getHibernateTemplate().find("from User where username = ?", new Object[]{username}); if (results.size() < 1) { throw new UsernameNotFoundException(username + "not found"); } return (UserDetails) results.get(0); }
Spring security context:
Code:<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <global-method-security secured-annotations="enabled" jsr250-annotations="enabled" /> <http auto-config="false" use-expressions="true" entry-point-ref="authenticationProcessingFilterEntryPoint" > <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" /> <custom-filter position="FORM_LOGIN_FILTER" ref="myAuthFilter"/> <session-management session-authentication-strategy-ref="sas" /> <intercept-url pattern="/pages/**" access="isAuthenticated()" /> <intercept-url pattern="/public/**" access="permitAll" /> <intercept-url pattern="/admin/**" access="hasRole('ADMINISTRADOR')" /> <access-denied-handler error-page="/403.html"/> </http> <beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> <beans:property name="loginFormUrl" value="/login.xhtml"/> <beans:property name="forceHttps" value="false"/> </beans:bean> <beans:bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter"> <beans:property name="sessionRegistry" ref="sessionRegistry" /> <beans:property name="expiredUrl" value="/error.html" /> </beans:bean> <beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy"> <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" /> <beans:property name="maximumSessions" value="1" /> <beans:property name="exceptionIfMaximumExceeded" value="true"/> </beans:bean> <beans:bean id="myAuthFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> <beans:property name="sessionAuthenticationStrategy" ref="sas" /> <beans:property name="authenticationManager" ref="authenticationManager" /> </beans:bean> <beans:bean id="userDetailsService" class="com.package.HibernateUserDetailsService" /> <authentication-manager alias="authenticationManager"> <authentication-provider user-service-ref="userDetailsService"> <password-encoder hash="sha"/> </authentication-provider> </authentication-manager> <beans:bean id="securityContext" class="org.springframework.security.core.context.SecurityContextHolder" factory-method="getContext"/> <beans:bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener" /> <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" /> </beans:beans>
Reply With Quote