Spring-Security 3.1 mutilple session for the same user
Hi everybody,
I am pretty new in spring framework and specially for spring-security. I am starting a new project which i want standard security but i am stuck and cannot advance for what i am trying to do. Basically, i want my application give the possibility to login in multiple browser with the same username for my client. My problem is when i try to logout, the removeUserTokens method of the PersistentTokenRepository class give me only the username as parameter. But in the database, i have multiple sessions open by the same username but i am not able to get the token or series to select the right session in DB. Do you guys have any solution for that. I searched on stackoverflow, googled and read the whole documentation but no where i can found a solution for my problem. Also, it is possible to cohabited spring-security with Vaadin framework ? Here my configuration.
Thank you very much for your help, its been 2 weeks now i searching a solution and i am starting to be tired about this problem.
Ben
spring-security.xml
PersistendTokenRepositoryServiceCode:<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <security:global-method-security secured-annotations="enabled" /> <security:http pattern="/login" security="none"/> <security:http auto-config="true"> <security:remember-me services-ref="rememberMeServices" key="myRememberMeKey" /> <security:intercept-url pattern="/**" access="ROLE_USER" /> <security:form-login login-page="/login" default-target-url="/welcome" authentication-failure-url="/loginfailed" login-processing-url="/j_spring_security_check" /> <security:logout logout-success-url="/logout" /> </security:http> <!-- Declare an authentication-manager to use a custom userDetailsService --> <security:authentication-manager> <security:authentication-provider user-service-ref="customUserDetailsService"> <security:password-encoder ref="passwordEncoder" /> </security:authentication-provider> </security:authentication-manager> <beans:bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices"> <beans:property name="tokenRepository" ref="persistentTokenRepositoryService" /> <beans:property name="userDetailsService" ref="customUserDetailsService" /> <beans:property name="key" value="myRememberMeKey" /> <beans:property name="alwaysRemember" value="true" /> </beans:bean> database --> <beans:bean class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" id="passwordEncoder"> <beans:constructor-arg value="256"/> </beans:bean> <beans:bean id="customUserDetailsService" class="com.nautilus.core.service.imp.AccountService"/> </beans:beans>
Code:@Component(value="persistentTokenRepositoryService") public class PersistentTokenRepositoryService implements PersistentTokenRepository { @Autowired private SessionDao sessionDao; @Override public void createNewToken(PersistentRememberMeToken token) { sessionDao.insertToken(token); } @Override public void updateToken(String series, String tokenValue, Date lastUsed) { sessionDao.updateToken(series, tokenValue, lastUsed); } @Override public PersistentRememberMeToken getTokenForSeries(String seriesId) { return sessionDao.getTokenForSeries(seriesId); } @Override public void removeUserTokens(String username) { sessionDao.removeUserTokens(username); } }
Reply With Quote