spring limit max sessions ; limit max users

后端未结

关注

 3  1814

你的背包 2020-12-16 07:04

may i know possible to use spring security to limit max number of users able to login to website at the same time?

definately, not concurrent-session-control parame

3条回答

悲&欢浪女 (楼主)

2020-12-16 07:40

this post is a bit old but I have had the same problem in spring security 4.1 and I have solved it like that.

session-management

session-authentication-strategy-ref

SessionRegistry

@Autowired
private SessionRegistry sessionRegistry;

Authentication

List sessions = new ArrayList<>();
for (Object principal : sessionRegistry.getAllPrincipals()) {
    sessions.addAll(sessionRegistry.getAllSessions(principal, false));
}
LOGGER.info("Sessiones Activas: " + sessions.size());
// filtro para limite de sessiones
if (sessions.size() < max_sessions) {
//authentication
} else {
    throw new SessionAuthenticationException("Maximo numero de Usuarios exedido.");
}

in this way because I am authenticating based on security: custom-filter

0 讨论(0)

查看其它3个回答