Hi Bob - Thank you for the reply. and yes, I am using spring-2.5.6 and security 2.0.4as well.
So you just modified WEB-INF/spring-beans.xml using the: <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/> and the WEB-INF/web.xml with the listener class: <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class> and the Spring login page (http://www.avoka.com/click-examples/springsecurity/login.htm) worked fine for you? OK, I'll have to go through that code on the avoka site again and see what I am missing on my end. Thanks again for your valued input. Conor ----- Original Message ---- From: Bob Schellink <[email protected]> To: [email protected] Sent: Wed, September 15, 2010 11:12:40 PM Subject: Re: Spring Security Feature (concurrent-session-control) not working with Apache Click 2.2.0? Got the examples workingt (should have added the >concurrent-session-control> element inside <http>. When I log in with RFF it works. When I log in with IE it fails and the following log is printed. [WARN ] [o.s.s.e.a.LoggerListener] Authentication event AuthenticationFailureConcurrentLoginEvent: bob; details: org.springframework.security.ui.webauthenticationdeta...@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: AF6D6BAC8E69E734BA1AAF556DC03593; exception: Maximum sessions of 1 for this principal exceeded Bob On Thu, Sep 16, 2010 at 12:31 PM, Bob Schellink <[email protected]> wrote: > Hi Conor, > > I don't know this feature. Which version of Spring and Spring-security > are you using? I did a quick test with the click-examples which uses > spring-2.5.6 and security 2.0.4 but the xml doesn't validate when I > add <concurrent-session-control>. > > Spring security is a filter while Click is a Servlet so I can't see > how Click would interfere with Spring at all. There must be some > difference between your two demos that leads to the issue. > Implementation wise I would think Spring tracks logins in the session. > Again Click doesn't touch the session variables so this shouldn't be > an issue either. > > Kind regards > > Bob > > On Thu, Sep 16, 2010 at 11:03 AM, C Jennings <[email protected]> wrote: >> Hello - >> I have run into an unfortunate problem with trying to use Spring Security with >> Apache Click. >> >> I have all components working correctly with Spring Security except for the >> "concurrent session control "feature whereby a user should be only able to log >> on to the application once. Concurrent sessions should not be allowed. Within >> Spring Security, this is easily configured as shown below. >> >> In web.xml add a listener: >> >> <listener> >><listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class> >>> >> >> </listener> >> >> In Spring security configuration: >> <http> >> ... >> <concurrent-session-control max-sessions="1" >> exception-if-maximum-exceeded="true"/> >> </http> >> >> >> Now I have two prototypes of a Web application, one that uses Click and the >> other that doesn't. The concurrent-session-control feature works fine in the >> non-Click version. However, I can sign in on multiple browser windows with the >> Click version for the same signed in user. >> >> If anyone has had any success with implementing this Spring Security feature >> with Click, I would greatly appreciate your input as I was hoping to be able >to >> use the Click framework for our upcoming project having devoted a fair >> amount >>of >> time ramping up on it's features. If you'd like to see more information from >my >> configuration files, please let me know and I'll email to this thread.. >> >> Thank You.. >> >> Conor >> >> >> >> >
