I am using the HttpInvoker style of Spring Remoting. I want to implement a check of concurrent users to prevent user access when the total number of user allowances has been reached.
After reading many of the posts at various Spring forums, I would appreciate a little advice as to which approach to take and which would be the easiest and quickest to implement. My known choices are:
- Using standard HttpSession
Would it be possible to use something like an HttpSessionListener to control and track user sessions for all requests coming through DispatcherServlet? Would it be as simple as overriding ContextLoaderListener and DispatcherServlet to accomplish this? I have read certain threads here at the forums which stated that a unique HttpSession is created for every URL request through HttpInvoker, so the HttpSession method does not sound possible. Is this the case?
- Acegi Security
Would it make sense to use Acegi Security for the sole purpose of controlling the total number of concurrent users? I do have to implement user authentication and authorization also(possibly ROLE authorization), so Acegi sounds ideal. But how easy would it be to implement the concurrent user check using Acegi?
All comments and opinions are welcomed!