1、限制用戶登陸數和session自動託管html
1.maximumSessions:限制登陸人數java
2.exceptionIfMaximumExceeded:web
-
- 爲true同一帳戶只能登陸一次,
- 爲false同一帳戶能夠登陸屢次若是配置了org.springframework.security.web.session.ConcurrentSessionFilter則會踢出前一個登陸的session
3.sessionRegistry配置session管理spring
4.concurrentSessionFilter若是不配置這個則踢不出上一個登陸的session,會一個帳戶能夠登陸屢次session
5.expiredUrl配置這個注入ConcurrentSessionFilter中能夠使被踢出用戶回到規定的頁面,不會提示session過時那句話jsp
<bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy"> <property name="maximumSessions" value="1"/> <property name="exceptionIfMaximumExceeded" value="false"></property> <constructor-arg> <ref bean="sessionRegistry"/> </constructor-arg> </bean> <bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"></bean> <bean id="concurrentSessionFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter"> <property name="sessionRegistry" ref="sessionRegistry"/>
<property name="expiredUrl" value="/home.htm"></property> </bean>
2、將配置好的bean進行注入url
將上述的bean設置好經過下述方式配置好便可spa
<s:http access-denied-page="/403.jsp" auto-config='true'> <s:session-management invalid-session-url="/login.jsp" session-authentication-strategy-ref="sas"/> <s:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrentSessionFilter" /> </s:http>
3、另附思路啓發參考網頁code
http://www.mossle.com/docs/auth/html/ch214-smart-concurrent.htmlhtm