how to process single login in Acegi?

[minikiller]

when a user is logined, i want to prevent other user login my system using same user id and same password. how to process single user login in this condiction.thanks

[robmoore]

I haven't actually used it yet, but 0.8.0 contains a ConcurrentSessionController that can be used for this purpose:

http://acegisecurity.sourceforge.net...ontroller.html

FYI, the upgrade notes (http://acegisecurity.sourceforge.net...e-070-080.html) say:

If you wish to use the new ConcurrentSessionController you must declare the HttpSessionEventPublisher context listener in your web.xml

[Ben Alex]

ConcurrentSessionController is designed for ths exact purpose.

[David Carter]

Could someone please provide an example of how to configure the new ConcurrentSessionController feature?

I checked the reference doc & the 0.80 version of the contacts application, but it doesn't appear to have made it into there yet.

From reading the javadoc, it appears that you would need something like this:

Code:

   <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
      <property name="providers">
         <list>
            <ref local="daoAuthenticationProvider"/>
            <ref local="anonymousAuthenticationProvider"/>
            <ref local="rememberMeAuthenticationProvider"/>
         </list>
      </property>
      <property name="sessionController">
          <bean class="net.sf.acegisecurity.providers.ConcurrentSessionControllerImpl"/>
      </property>
      <property name="trustResolver">
          <bean class="net.sf.acegisecurity.AuthenticationTrustResolverImpl"/>
      </property>
   </bean>

Along with this in web.xml:

Code:

 <listener>
    <listener-class>net.sf.acegisecurity.ui.session.HttpSessionEventPublisher</listener-class>
</listener>

Is there anything I'm missing?

Thanks,
David

[David Carter]

I think my property nesting was incorrect in my previous post.

trustResolver is a property of sessionController, not of authenticationManager:

Code:

   <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
      <property name="providers">
         <list>
            <ref local="daoAuthenticationProvider"/>
            <ref local="anonymousAuthenticationProvider"/>
            <ref local="rememberMeAuthenticationProvider"/>
         </list>
      </property>
      <property name="sessionController">
          <bean class="net.sf.acegisecurity.providers.ConcurrentSessionControllerImpl">
	          <property name="trustResolver">
		        <bean class="net.sf.acegisecurity.AuthenticationTrustResolverImpl"/>
	          </property>
           </bean>
      </property>
   </bean>

[Ben Alex]

David, you shouldn't need to set ConcurrentSessionControllerImpl.trustResolver as it already defaults to AuthenticationTrustResolverImpl.

Is it now working for you overall?

[liva]

I declare the HttpSessionEventPublisher context listener in my web.xml, and also add the following code in my application, but it's not work yet.
Is there anything I'm missing?

Code:

<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
		<property name="providers">
		  <list>
		    <ref bean="daoAuthenticationProvider"/>
		  </list>
		</property>
		<property name="sessionController"> 
          <bean class="net.sf.acegisecurity.providers.ConcurrentSessionControllerImpl"> </bean> 
        </property> 
	</bean>

And if I don't want to declare the HttpSessionEventPublisher context listener in my web.xml, where can I declare it?(I have configured the contextConfigLocation in other xml file)

[Ben Alex]

As per the reference guide, ConcurrentSessionControllerImpl must be a separate bean definition to receive ApplicationEvents. See the reference guide section on concurrent sessions to see correct configuration.