
Login Handling with Spring Security


http://niees.tistory.com/category/spring-security


The posts there are excellent.


Addition


http://www.waitingforcode.com/spring-security/handling-of-expired-sessions-in-spring-security/read



Problem: unable to log in again after logging out

https://stackoverflow.com/questions/3145936/spring-security-j-spring-security-logout-problem/3148236#3148236

https://stackoverflow.com/questions/3145936/spring-security-j-spring-security-logout-problem


Concurrent Session Control

If you wish to place constraints on a single user's ability to log in to your application, Spring Security supports this out of the box with the following simple additions. First you need to add the following listener to your web.xml file to keep Spring Security updated about session lifecycle events:

  <listener>
    <listener-class>
      org.springframework.security.web.session.HttpSessionEventPublisher
    </listener-class>
  </listener>

Then add the following lines to your application context:

  <http>
    ...
    <session-management>
        <concurrency-control max-sessions="1" />
    </session-management>
  </http>
        

This will prevent a user from logging in multiple times - a second login will cause the first to be invalidated. Often you would prefer to prevent a second login, in which case you can use

  <http>
    ...
    <session-management>
        <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
    </session-management>
  </http>
        

The second login will then be rejected. By rejected, we mean that the user will be sent to the authentication-failure-url if form-based login is being used. If the second authentication takes place through another non-interactive mechanism, such as remember-me, an unauthorized (402) error will be sent to the client. If instead you want to use an error page, you can add the attribute session-authentication-error-url to the session-management element.

If you are using a customized authentication filter for form-based login, then you have to configure concurrent session control support explicitly. More details can be found in the Session Management chapter.
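The settings described above combined into one configuration, as an added example that is not from the original post or the Spring reference. The URL paths are placeholders and the access rules are omitted.

```xml
<!-- web.xml: publish session create/destroy events to Spring Security.
     Without this listener the session registry never learns that a session
     ended, so with error-if-maximum-exceeded="true" a user who logged out
     or timed out still counts as logged in and the next login is rejected. -->
<listener>
  <listener-class>
    org.springframework.security.web.session.HttpSessionEventPublisher
  </listener-class>
</listener>

<!-- Security application context (placeholder paths; access rules omitted) -->
<http>
  <!-- A rejected second form login is sent to authentication-failure-url -->
  <form-login login-page="/login"
              authentication-failure-url="/login?error" />

  <!-- Logout invalidates the HTTP session; the listener above turns that
       into the event that frees the user's session slot -->
  <logout logout-success-url="/login?logout" invalidate-session="true" />

  <!-- session-authentication-error-url: error page for a second login that
       is rejected outside form login (for example via remember-me) -->
  <session-management session-authentication-error-url="/login?max-sessions">
    <!-- One session per user; reject the second login rather than
         invalidating the first -->
    <concurrency-control max-sessions="1"
                         error-if-maximum-exceeded="true" />
  </session-management>
</http>
```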


