add feature(security):同個使用者一次只能一個session登入

https://www.baeldung.com/spring-security-session
imrexhuang · Mar 1, 2021 · f65ba77 · f65ba77
1 parent c8ef9bc
commit f65ba77
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/src/main/java/org/inlighting/security/config/MyWebConfig.java b/src/main/java/org/inlighting/security/config/MyWebConfig.java
@@ -1,16 +1,33 @@
 package org.inlighting.security.config;
 
+import org.springframework.security.web.session.HttpSessionEventPublisher;
+import org.springframework.web.context.request.RequestContextListener;
 import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
+import org.springframework.web.util.IntrospectorCleanupListener;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
 
 // https://openhome.cc/Gossip/Spring/Controller.html
 // https://blog.elliot.tw/?p=381
+// https://openhome.cc/Gossip/ServletJSP/Configuration.html
+// https://blog.csdn.net/xinluke/article/details/53020113
 
 public class MyWebConfig extends AbstractAnnotationConfigDispatcherServletInitializer
 {
     public MyWebConfig() {
 
     }
 
+    @Override
+    public void onStartup(ServletContext servletContext) throws ServletException {
+        servletContext.addListener(HttpSessionEventPublisher.class);
+        //servletContext.addListener(RequestContextListener.class);
+        //servletContext.addListener(IntrospectorCleanupListener.class);
+        super.onStartup(servletContext);
+    };
+
+
     protected Class<?>[] getRootConfigClasses() {
         return new Class<?>[]{ApplicationConfig.class};
     }

diff --git a/src/main/java/org/inlighting/security/security/SecurityConfig.java b/src/main/java/org/inlighting/security/security/SecurityConfig.java
@@ -71,6 +71,10 @@ protected void configure(HttpSecurity http) throws Exception {
                 //.csrf().requireCsrfProtectionMatcher(AnyRequestMatcher.INSTANCE)
                 .and()
                 .exceptionHandling().accessDeniedPage("/403"); // 权限不足自动跳转403
+
+        // https://www.baeldung.com/spring-security-session
+        //同個使用者一次只能一個session登入，重複原本登入的會回應This session has been expired (possibly due to multiple concurrent logins being attempted as the same user).
+        http.sessionManagement().maximumSessions(1);
     }
 
     /**