Spring security配备HttpSessionEventPublisher防用户重复登录。
pring security配置HttpSessionEventPublisher防用户重复登录
Spring security防用户重复登录
使用Spring security如何防止用户的重复登录呢?如果用户账号已登录,这时再进行第二次或多次登录,需要阻止这样的多次登录。
一.在web.xml中配置listener
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
二.在security.xml中配置Hibernate ORM提供了三种继承映射策略
<session-management>
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
</session-management>
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
</session-management>
max-sessions表示最多允许多少次重复登录。如果没有配置error-if-maximum-exceeded,那么用户账号的第二次登录会使第一次登录失效,而配置了的话,那么第二次登录会被阻止。通常的做法是阻止第二次登录。
- <context-param>
- <param-name>contextConfigLocation</param-name>
- <param-value>
- classpath:/config/*.xml
- </param-value>
- </context-param>
- <!-- spring监听 -->
- <listener>
- <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
- </listener>
- <!-- Spring Security会话控制 -->
- <listener>
- <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
- </listener>
- <!-- Spring security Filter -->
- <filter>
- <filter-name>springSecurityFilterChain</filter-name>
- <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>springSecurityFilterChain</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>