<!-- web.xml fragment: Spring Security 3 setup. Every request (/*) is routed through the security filter chain. -->
<!-- DelegatingFilterProxy hands each request to the application-context bean named by filter-name. -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Session management for Spring Security -->
<!-- Loads the root application context when the web application starts. -->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Publishes HttpSession created/destroyed events to the application context. The session registry
     relies on them to forget ended sessions; without this listener a user who let a session time out
     can still be counted against the concurrent-session limit. -->
<listener>
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<!-- Spring Security namespace configuration for web requests. Expression-based access rules are
     enabled; unauthenticated requests are handed to the loginUrlEntryPoint bean (defined elsewhere). -->
<http use-expressions="true" entry-point-ref="loginUrlEntryPoint">
    <!-- filters="none" removes a path from the security filter chain altogether: no authentication,
         no SecurityContext, and none of the custom filters declared below run for it. -->

    <!-- Error pages and pre-login endpoints -->
    <intercept-url pattern="/common/error.jsp" filters="none"/>
    <intercept-url pattern="/common/403.jsp" filters="none"/>
    <intercept-url pattern="/checkCode.do" filters="none"/>
    <intercept-url pattern="/noLogin.do" filters="none"/>
    <intercept-url pattern="/sessionConcurrent.do" filters="none"/>
    <intercept-url pattern="/login.do" filters="none"/>
    <!-- NOTE(review): judging by its name this endpoint checks a password; confirm what it reveals
         to anonymous callers and that attempts are rate-limited. -->
    <intercept-url pattern="/checkPwd.do" filters="none"/>

    <!-- Static resources -->
    <intercept-url pattern="/js/**" filters="none"/>
    <intercept-url pattern="/css/**" filters="none"/>
    <intercept-url pattern="/image/**" filters="none"/>
    <intercept-url pattern="/*.ico" filters="none"/>

    <!-- NOTE(review): these upload, delete and /phone/** paths are reachable without a login.
         Confirm that each handler authenticates and authorises the caller itself and validates
         file name, type and size, or give them an access expression instead of filters="none". -->
    <intercept-url pattern="/workflow/uploadResource.do" filters="none"/>
    <intercept-url pattern="/common/upload.do" filters="none"/>
    <intercept-url pattern="/common/deleteAttachFile.do" filters="none"/>
    <intercept-url pattern="/phone/**" filters="none"/>

    <!-- Catch-all, listed after every specific pattern: anything else needs an authenticated user. -->
    <intercept-url pattern="/**" access="isAuthenticated()"/>
    <access-denied-handler ref="accessDeniedHandler"/>

    <custom-filter ref="customFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
    <!-- Login. NOTE(review): loginFilter is defined elsewhere; it presumably needs the same "sas"
         bean as its sessionAuthenticationStrategy so that logins through it are registered
         and counted. Verify against the bean definition. -->
    <custom-filter ref="loginFilter" before="FORM_LOGIN_FILTER"/>
    <!-- Logout -->
    <custom-filter position="LOGOUT_FILTER" ref="logoutFilter"/>
    <!-- Session management: guards against concurrent sessions for one user -->
    <custom-filter ref="concurentFilter" position="CONCURRENT_SESSION_FILTER"/>
    <session-management session-authentication-strategy-ref="sas"/>
</http>
需要把 session 控制（session-management）添加到 http 标签内。引用的 sas bean 配置如下：
<!-- Session authentication strategy named "sas": limits how many sessions one user may hold at
     the same time, tracked through the sessionRegistry bean (defined elsewhere). -->
<beans:bean id="sas"
            class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
    <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry"/>
    <!-- At most one live session per user. -->
    <beans:property name="maximumSessions" value="1"/>
    <!-- Disabled. When enabled, a later login cannot replace the user who is already logged in;
         the new login attempt is rejected. While it stays commented out the default (false)
         applies and a new login expires the older session, so anyone holding valid credentials
         can displace the current user.
    <beans:property name="exceptionIfMaximumExceeded" value="true"></beans:property>
    -->
</beans:bean>
maximumSessions 控制同一用户允许同时存在的 session 数量；exceptionIfMaximumExceeded 控制同一用户再次登录时的处理方式：设为 true 时后登录者被拒绝，不能顶替已登录的用户；未设置（默认 false）时后登录者会顶替已登录的用户。