1、限制用户登陆数和session自动托管html
1.maximumSessions:限制登陆人数java
2.exceptionIfMaximumExceeded:web
-
- 为true同一帐户只能登陆一次,
- 为false同一帐户能够登陆屡次若是配置了org.springframework.security.web.session.ConcurrentSessionFilter则会踢出前一个登陆的session
3.sessionRegistry配置session管理spring
4.concurrentSessionFilter若是不配置这个则踢不出上一个登陆的session,会一个帐户能够登陆屡次session
5.expiredUrl配置这个注入ConcurrentSessionFilter中能够使被踢出用户回到规定的页面,不会提示session过时那句话jsp
<bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy"> <property name="maximumSessions" value="1"/> <property name="exceptionIfMaximumExceeded" value="false"></property> <constructor-arg> <ref bean="sessionRegistry"/> </constructor-arg> </bean> <bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"></bean> <bean id="concurrentSessionFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter"> <property name="sessionRegistry" ref="sessionRegistry"/>
<property name="expiredUrl" value="/home.htm"></property> </bean>
2、将配置好的bean进行注入url
将上述的bean设置好经过下述方式配置好便可spa
<s:http access-denied-page="/403.jsp" auto-config='true'> <s:session-management invalid-session-url="/login.jsp" session-authentication-strategy-ref="sas"/> <s:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrentSessionFilter" /> </s:http>
3、另附思路启发参考网页code
http://www.mossle.com/docs/auth/html/ch214-smart-concurrent.htmlhtm