首先,我们需要使得
ConcurrentSessionFilter 生效并在
spring-security.xml 配置。
<http auto-config="true" use-expressions="true">
<!-- Uncomment to limit the number of sessions a user can have -->
<session-management invalid-session-url="/index.do">
<concurrency-control max-sessions="1"
error-if-maximum-exceeded="false"/>
</session-management>
</http>
其次,需要在
web.xml 描述文件中配置中使得
o.s.s.web.session.HttpSessionEventPublisher 生效,这样
servelt 容器将会通知
Spring Security session 生命周期的事件(通过
HttpSessionEventPublisher )。
<listener>
<listener-class>
org.springframew