To begin with I presume you don't want a username being able to login more than once, as that would defeat your licensing model. See these links for details of concurrent session support:
http://forum.springframework.org/viewtopic.php?t=4289
http://acegisecurity.sourceforge.net...ncurrent-login
Definitely your simplest licensing scenerio would be "named users". ie a subscriber says, "I will pay for these 3 users (Bob, Mary, Jane) to access the application". A named user model can be enforced out-of-the-box using the above concuirrent session support.
Alternatively, I think you're asking how to do "concurrent users". ie a subcriber says, "I will pay for at most up to 3 users to access the application, but any of my users are allowed to do so". Acegi Security does not offer direct support for this. Your best bet would be build a new ConcurrentSessionController implementation, as it provides two methods that are invoked during the ProviderManager authentication process:
Code:
public interface ConcurrentSessionController {
void afterAuthentication(Authentication initialAuth, Authentication result) throws AuthenticationException;
void beforeAuthentication(Authentication initialAuth) throws AuthenticationException;
}
As such, you can maintain a simple HttpSession map keyed a subscriberId. If they exceed their (presumably RDBMS-defined) concurrent user limit, the ConcurrentSessionViolationException can be thrown.
This capability is actually interesting in that others might find it beneficial. I'll mention it on the other forum thread about concurrent session support. We might be able to accommodate it as part of refactoring to that class.
Junior Member
Concurrent Login in ASP Environment
Posting Permissions
