Java 如何在Spring Security中防止多次登录
我有下面的spring安全配置。当我在首次成功登录和注销后添加会话管理属性时,我无法再次登录。它将我重定向到身份验证失败url。如果我把它取下来,它可以正常工作。我可以成功地重新加入。会话管理有什么问题Java 如何在Spring Security中防止多次登录,java,spring,session,spring-security,Java,Spring,Session,Spring Security,我有下面的spring安全配置。当我在首次成功登录和注销后添加会话管理属性时,我无法再次登录。它将我重定向到身份验证失败url。如果我把它取下来,它可以正常工作。我可以成功地重新加入。会话管理有什么问题 <http auto-config='false' use-expressions="true"> <intercept-url pattern="/login" access="permitAll"/> <intercept
<http auto-config='false' use-expressions="true">
<intercept-url pattern="/login" access="permitAll"/>
<intercept-url pattern="/j_spring_security_check" access="permitAll"/>
<logout logout-success-url="/login.xhtml" invalidate-session="true" delete-cookies="JSESSIONID"/>
<form-login login-page="/login.xhtml"
login-processing-url="/j_spring_security_check"
default-target-url="/pages/index.xhtml"
always-use-default-target="true"
authentication-failure-url="/login.xhtml?error=true"/>
<custom-filter before="FORM_LOGIN_FILTER" ref="customAjaxControlFilter" />
<session-management invalid-session-url="/login.xhtml">
<concurrency-control error-if-maximum-exceeded="true" max-sessions="1" expired-url="/login.xhtml"/>
</session-management>
</http>
确保已将侦听器添加到web.xml文件中。必须确保在会话被销毁时通知Spring安全会话注册表。没有它,会话信息将不会从注册表中删除
<listener>
<listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
</listener>
org.springframework.security.ui.session.HttpSessionEventPublisher
<listener>
<listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
</listener>
org.springframework.security.ui.session.HttpSessionEventPublisher