Java, Spring Security: Disable 2 logins from single browser when authenticated from backend


I am working on a Spring-MVC application in which I am using Spring-Security for authentication and authorization. In one of the features, we are sending invitations to users to join the application. When the user clicks on the email link, we log in the user from the backend.

If there is a user already logged in, the session of the old user is not removed. I have set it in the XML to create a new session, but that is not helping either. As a result, I have 2 users logged in in the same browser. Any ideas? Thank you.

security-application-context.xml code:

    <security:http pattern="/resources/**" security="none"/>

    <security:http create-session="ifRequired" use-expressions="true" auto-config="false" disable-url-rewriting="true">
        <security:form-login login-page="/login" username-parameter="j_username" password-parameter="j_password"
                             login-processing-url="/j_spring_security_check" default-target-url="/canvaslisting"
                             always-use-default-target="false" authentication-failure-url="/login?error=auth"/>
        <security:remember-me key="_spring_security_remember_me" user-service-ref="userdetailsservice"
                              token-validity-seconds="1209600" data-source-ref="datasource"/>
        <security:logout delete-cookies="JSESSIONID" invalidate-session="true" logout-url="/j_spring_security_logout"/>
        <security:intercept-url pattern="/**" requires-channel="https"/>
        <security:port-mappings>
            <security:port-mapping http="80" https="443"/>
        </security:port-mappings>
        <security:logout logout-url="/logout" logout-success-url="/" success-handler-ref="mylogouthandler"/>
        <security:session-management session-fixation-protection="migrateSession">
            <security:concurrency-control session-registry-ref="sessionreg" max-sessions="5" expired-url="/login"/>
        </security:session-management>
    </security:http>

    <beans:bean id="sessionreg" class="org.springframework.security.core.session.SessionRegistryImpl"/>

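Controller code:

    @RequestMapping(value = "/activatemembership/{token}")
    public String activateMembershipForExistingUser(@PathVariable("token") String token) {
        // token comes from the link in the invitation email
        boolean val = this.groupMembersService.activateMembers(token, true);
        // (the rest of the handler, including the returned view name, is not shown in the post)
    }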

Service layer code:

    // logout is true when the email link was clicked.
    @Override
    public boolean activateMembers(String token, boolean logout) {
        try {
            String[] parts = token.split(TOKEN_SEPARATOR);
            String username = parts[0].toLowerCase();
            Long groupAccountId = Long.valueOf(parts[2]);
            GroupAccount groupAccount = this.groupAccountService.getGroupObjectOnlyById(groupAccountId);
            Person person = this.personService.findPersonByUsername(username);
            if (logout) {
                Person loggedInUser = this.personService.getCurrentlyAuthenticatedUser();
                if (loggedInUser != null) {
                    loggedInUser.setOnlineStatus(null);
                    this.personService.directPersonUpdate(loggedInUser);
                    // clears the authentication only; the HTTP session itself is left in place
                    SecurityContextHolder.getContext().setAuthentication(null);
                }
            }
            // other service layer code
            if (logout) {
                Collection<GrantedAuthority> authorities = new ArrayList<>();
                authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
                Authentication authentication = new UsernamePasswordAuthenticationToken(person, null, authorities);
                SecurityContextHolder.getContext().setAuthentication(authentication);
            }
            return true; // assumed: the return value is not shown in the post
        } catch (Exception e) {
            // assumed: error handling is not shown in the post
            return false;
        }
    }

Any ideas? Thank you.
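One way to replace an existing login instead of setting a new authentication on top of the old session, as an added example that is not part of the original post. The class and method names are hypothetical; it assumes the `javax.servlet` API, that it is called from the web layer where the `HttpServletRequest` is available, and that the `SessionRegistry` passed in is the `sessionreg` bean from the configuration above.

```java
import java.util.Collection;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

// Hypothetical helper (not from the post): swaps the browser's login to the invited user.
public final class BackendLoginHelper {

    private BackendLoginHelper() { }

    public static Authentication switchUser(HttpServletRequest request,
                                            SessionRegistry sessionRegistry,
                                            Object principal,
                                            Collection<? extends GrantedAuthority> authorities) {
        // 1. Drop the previous user's HTTP session and its registry entry,
        //    not only the thread-local authentication.
        HttpSession old = request.getSession(false);
        if (old != null) {
            sessionRegistry.removeSessionInformation(old.getId());
            old.invalidate();
        }
        SecurityContextHolder.clearContext();

        // 2. Build the new authentication in a fresh, empty context.
        Authentication auth = new UsernamePasswordAuthenticationToken(principal, null, authorities);
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(auth);
        SecurityContextHolder.setContext(context);

        // 3. Create a new session (new id) and store the context where Spring Security reads it.
        HttpSession fresh = request.getSession(true);
        fresh.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);

        // 4. Programmatic logins bypass the concurrency-control strategy, so register by hand.
        sessionRegistry.registerNewSession(fresh.getId(), auth.getPrincipal());
        return auth;
    }
}
```

The helper leaves the previous user's remember-me cookie alone, so that still needs clearing where the configuration uses `<security:remember-me>`.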

