Hi i was hoping to implement this as here but some how got lost. What i wanted to do is to prevent users from login in multiple devices/computers by adding a column is_logged_in to m_appuser table so when a user tries to login and if his credentials are correct, but is logged in another computer he is rejected from loggin in. and notified in the community-app that he is logged in another device. he should log out from there and try again.
I tried to test what i have done and here is how it behaves... a user login and the value of is_logged_in is set to 1. Which is correct but now what i want is to have a check for is_logged_in value before a user if fully authenticated. Thats my challenge. Here is my code snippet, please make some tweak and if it works, then share back. The commit is here https://github.com/Ippezrobert/incubator-fineract/commit/c49280aa8ec6659e0133004787c6e11919854dd6 <https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2FIppezrobert%2Fincubator-fineract%2Fcommit%2Fc49280aa8ec6659e0133004787c6e11919854dd6&sa=D&sntz=1&usg=AFQjCNEk9TnHtXAWmlwD1sLgyCIy763D1g> Thanks Regards On Wed, May 10, 2017 at 4:23 PM, Usman Khaliq <[email protected]> wrote: > Hi everyone, > > I have written the following code in the infrastructure/core/boot directory > to set the number of concurrent user sessions at 1: > > @EnableWebSecurity > @Configuration > public class WebSecurityConfig extends WebSecurityConfigurerAdapter { > > @Override > protected void configure(HttpSecurity http) throws Exception { > http > .authorizeRequests() > .anyRequest() > .authenticated() > .and() > .sessionManagement() > .maximumSessions(1) > .maxSessionsPreventsLogin(true) > .sessionRegistry(sessionRegistry()); > } > > // Work around https://jira.spring.io/browse/SEC-2855 > @Bean > public SessionRegistry sessionRegistry() { > SessionRegistry sessionRegistry = new SessionRegistryImpl(); > return sessionRegistry; > } > > @Autowired > public void configureGlobal(AuthenticationManagerBuilder auth) throws > Exception { > auth > .inMemoryAuthentication() > .withUser("mifos").password("password").roles("USER"); > } > > // Register HttpSessionEventPublisher > @Bean > public static ServletListenerRegistrationBean > httpSessionEventPublisher() { > return new ServletListenerRegistrationBean(new > HttpSessionEventPublisher()); > } > } > > I have also registered the Spring Security filter created above in the > AbstractSecurityWebApplicationInitializer in the infrastructure/core/boot > directory as follows: > > public class SecurityWebApplicationInitializer > extends AbstractSecurityWebApplicationInitializer { > protected Class<?>[] getRootConfigClasses() { > return new Class[] { WebSecurityConfig.class }; > } > } > However, I am still able to log into multiple browser sessions from my > machine. Any advise on what I am doing wrong with my code? Thanks in > advance. > > -- > Kind Regards > Usman Khaliq > Programmer and R&D Lead > iDT Labs > 5 Foday Drive,Regent Road,Hill Station > Freetown,Sierra Leone > Tel: +92334 3777 059/ + 232 77 775 775 > Skype: usman.khaliq > Website:www.idtlabs.sl > -- Ippez Roberts Director & Founder - Skyline Technologies Uganda "IT Consultants & Engineers" P.O.Box 155, Moyo UGANDA. Tel: +256788725408/789643284 Skype ID: ippez.robert1 Email: [email protected]
