Hi Usman Khaliq, Have you got a solution for thjs based on what i shared with you? Please shares.
Thanks Regards Ippez Robert On Wed, May 10, 2017 at 4:30 PM, Ippez Robert <[email protected]> wrote: > Hi i was hoping to implement this as here but some how got lost. What i > wanted to do is to prevent users from login in multiple devices/computers > by adding a column is_logged_in to m_appuser table so when a user tries to > login and if his credentials are correct, but is logged in another computer > he is rejected from loggin in. and notified in the community-app that he is > logged in another device. he should log out from there and try again. > > I tried to test what i have done and here is how it behaves... a user > login and the value of is_logged_in is set to 1. Which is correct but now > what i want is to have a check for is_logged_in value before a user if > fully authenticated. Thats my challenge. > > Here is my code snippet, please make some tweak and if it works, then > share back. > > The commit is here https://github.com/Ippezrobert/incubator- > fineract/commit/c49280aa8ec6659e0133004787c6e11919854dd6 > <https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2FIppezrobert%2Fincubator-fineract%2Fcommit%2Fc49280aa8ec6659e0133004787c6e11919854dd6&sa=D&sntz=1&usg=AFQjCNEk9TnHtXAWmlwD1sLgyCIy763D1g> > > Thanks > Regards > > On Wed, May 10, 2017 at 4:23 PM, Usman Khaliq <[email protected]> > wrote: > >> Hi everyone, >> >> I have written the following code in the infrastructure/core/boot >> directory >> to set the number of concurrent user sessions at 1: >> >> @EnableWebSecurity >> @Configuration >> public class WebSecurityConfig extends WebSecurityConfigurerAdapter { >> >> @Override >> protected void configure(HttpSecurity http) throws Exception { >> http >> .authorizeRequests() >> .anyRequest() >> .authenticated() >> .and() >> .sessionManagement() >> .maximumSessions(1) >> .maxSessionsPreventsLogin(true) >> .sessionRegistry(sessionRegistry()); >> } >> >> // Work around https://jira.spring.io/browse/SEC-2855 >> @Bean >> public SessionRegistry sessionRegistry() { >> SessionRegistry sessionRegistry = new SessionRegistryImpl(); >> return sessionRegistry; >> } >> >> @Autowired >> public void configureGlobal(AuthenticationManagerBuilder auth) throws >> Exception { >> auth >> .inMemoryAuthentication() >> .withUser("mifos").password("p >> assword").roles("USER"); >> } >> >> // Register HttpSessionEventPublisher >> @Bean >> public static ServletListenerRegistrationBean >> httpSessionEventPublisher() { >> return new ServletListenerRegistrationBean(new >> HttpSessionEventPublisher()); >> } >> } >> >> I have also registered the Spring Security filter created above in the >> AbstractSecurityWebApplicationInitializer in the infrastructure/core/boot >> directory as follows: >> >> public class SecurityWebApplicationInitializer >> extends AbstractSecurityWebApplicationInitializer { >> protected Class<?>[] getRootConfigClasses() { >> return new Class[] { WebSecurityConfig.class }; >> } >> } >> However, I am still able to log into multiple browser sessions from my >> machine. Any advise on what I am doing wrong with my code? Thanks in >> advance. >> >> -- >> Kind Regards >> Usman Khaliq >> Programmer and R&D Lead >> iDT Labs >> 5 Foday Drive,Regent Road,Hill Station >> Freetown,Sierra Leone >> Tel: +92334 3777 059/ + 232 77 775 775 >> Skype: usman.khaliq >> Website:www.idtlabs.sl >> > > > > -- > Ippez Roberts > Director & Founder - Skyline Technologies Uganda > "IT Consultants & Engineers" > P.O.Box 155, Moyo > UGANDA. > Tel: +256788725408 <+256%20788%20725408>/789643284 > Skype ID: ippez.robert1 > Email: [email protected] > -- Ippez Roberts Director & Founder - Skyline Technologies Uganda "IT Consultants & Engineers" P.O.Box 155, Moyo UGANDA. Tel: +256788725408/789643284 Skype ID: ippez.robert1 Email: [email protected]
