spring Security3 配置session并发无效!
项目中配置了spring Security3 的并发session管理,一直无效,2个相同账户依然可以登录,不知道什么原因,网上搜了很很多都不行,请大牛指点!
web.xml
<!-- 让SpringSecurity 获得session 生存周期事件 -->
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
applicationContext-security.xml
<!-- http安全配置 -->
<s:http auto-config="false"
entry-point-ref="authenticationProcessingFilterEntryPoint">
<s:intercept-url pattern="/common/**" filters="none" />
<s:intercept-url pattern="/css/**" filters="none" />
<s:intercept-url pattern="/images/**" filters="none" />
<s:intercept-url pattern="/scripts/**" filters="none" />
<s:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<s:session-management session-authentication-strategy-ref="sessionAuthenticationStrategy" />
<!-- Spring Security默认的Filter -->
<s:custom-filter before="FILTER_SECURITY_INTERCEPTOR" ref="myFilter" />
<s:custom-filter before="FORM_LOGIN_FILTER" ref="webLoginFilter" />
<s:custom-filter before="LOGOUT_FILTER" ref="webLogoutFilter" />
</s:http>
<bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="expiredUrl" value="/index.jsp" />
</bean>
<bean id="sessionAuthenticationStrategy"
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<constructor-arg name="sessionRegistry" ref="sessionRegistry"/>
<property name="maximumSessions" value="1"/>
</bean>
<bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
启动不报错误,也看不出哪有问题。用的是spring-security-web-3.0.5.RELEASE 版本jar,在线等待!