Yep that's the changes I made. Btw the example is distributed with your Click distribution, no need to look at the Avoka site.
Also when you perform your test I suggest you use different browsers eg. Firefox+IE. Kind regards Bob On Fri, Sep 17, 2010 at 4:14 AM, C Jennings <[email protected]> wrote: > Hi Bob - > Thank you for the reply. and yes, I am using spring-2.5.6 and security 2.0.4as > well. > > > > So you just modified WEB-INF/spring-beans.xml using the: > > <concurrent-session-control max-sessions="1" > exception-if-maximum-exceeded="true"/> > > and the WEB-INF/web.xml with the listener class: > <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class> > > > and the Spring login page > (http://www.avoka.com/click-examples/springsecurity/login.htm) worked fine for > you? > > OK, I'll have to go through that code on the avoka site again and see what I > am > missing on my end. > > Thanks again for your valued input. > > Conor > > > > > > ----- Original Message ---- > From: Bob Schellink <[email protected]> > To: [email protected] > Sent: Wed, September 15, 2010 11:12:40 PM > Subject: Re: Spring Security Feature (concurrent-session-control) not working > with Apache Click 2.2.0? > > Got the examples workingt (should have added the >>concurrent-session-control> element inside <http>. > > When I log in with RFF it works. When I log in with IE it fails and > the following log is printed. > > [WARN ] [o.s.s.e.a.LoggerListener] Authentication event > AuthenticationFailureConcurrentLoginEvent: bob; details: > org.springframework.security.ui.webauthenticationdeta...@ffff4c9c: > RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: > AF6D6BAC8E69E734BA1AAF556DC03593; exception: Maximum sessions of 1 for > this principal exceeded > > Bob > > On Thu, Sep 16, 2010 at 12:31 PM, Bob Schellink <[email protected]> wrote: >> Hi Conor, >> >> I don't know this feature. Which version of Spring and Spring-security >> are you using? I did a quick test with the click-examples which uses >> spring-2.5.6 and security 2.0.4 but the xml doesn't validate when I >> add <concurrent-session-control>. >> >> Spring security is a filter while Click is a Servlet so I can't see >> how Click would interfere with Spring at all. There must be some >> difference between your two demos that leads to the issue. >> Implementation wise I would think Spring tracks logins in the session. >> Again Click doesn't touch the session variables so this shouldn't be >> an issue either. >> >> Kind regards >> >> Bob >> >> On Thu, Sep 16, 2010 at 11:03 AM, C Jennings <[email protected]> wrote: >>> Hello - >>> I have run into an unfortunate problem with trying to use Spring Security > with >>> Apache Click. >>> >>> I have all components working correctly with Spring Security except for the >>> "concurrent session control "feature whereby a user should be only able to > log >>> on to the application once. Concurrent sessions should not be allowed. >>> Within >>> Spring Security, this is easily configured as shown below. >>> >>> In web.xml add a listener: >>> >>> <listener> >>><listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class> >>>> >>> >>> </listener> >>> >>> In Spring security configuration: >>> <http> >>> ... >>> <concurrent-session-control max-sessions="1" >>> exception-if-maximum-exceeded="true"/> >>> </http> >>> >>> >>> Now I have two prototypes of a Web application, one that uses Click and the >>> other that doesn't. The concurrent-session-control feature works fine in the >>> non-Click version. However, I can sign in on multiple browser windows with > the >>> Click version for the same signed in user. >>> >>> If anyone has had any success with implementing this Spring Security feature >>> with Click, I would greatly appreciate your input as I was hoping to be able >>to >>> use the Click framework for our upcoming project having devoted a fair >>> amount >>>of >>> time ramping up on it's features. If you'd like to see more information from >>my >>> configuration files, please let me know and I'll email to this thread.. >>> >>> Thank You.. >>> >>> Conor >>> >>> >>> >>> >> > > > > >
