Originally Posted by
vghanshyala
Hi,
In the same spring security configuration, I am applying the concurrent session control as well. I have modified the spring security configuration file and added the following peice of code:
<beans:bean id="sessionRegistry" class="org.springframework.security.concurrent.Ses sionRegistryImpl"/>
<beans:bean id="defaultConcurrentSessionController" class="org.springframework.security.concurrent.Con currentSessionControllerImpl">
<beans:property name="maximumSessions" value="1"/>
<beans:property name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="exceptionIfMaximumExceeded" value="true" />
</beans:bean>
More over under the providers I am referencing the defaultConcurrentSessionController as follows:
<beans:property name="sessionController" ref="defaultConcurrentSessionController"/>
I have a couple of queries here:
1. The approach that I have mentioned above works fine in the sense that, when a user have a session already existing, he cant open a new session. In case the user tries to open a new browser and enters his credentials, he will be directed to the error page being defined in the spring security config file. How can I define a different url in this case. I read about expired-url property, but the same is not working for me. How to do the configuration for a url to be directed in case the user already has a active session?
2. The second thing is this concurrent session control works on per user that is it doesnt allow the same user to have two different sessions but allows two different users to have two sessions simultaneosly. My requirement is to allow only one session of the application irrespective of the user. How can I achieve this using spring security.
Junior Member
Sending Additional Information to custom Authentication Provider
Posting Permissions
