Hello -
I have run into an unfortunate problem with trying to use Spring Security with
Apache Click.
I have all components working correctly with Spring Security except for the
"concurrent session control "feature whereby a user should be only able to log
on to the application once. Concurrent sessions should not be allowed. Within
Spring Security, this is easily configured as shown below.
In web.xml add a listener:
<listener>
<listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
</listener>
In Spring security configuration:
<http>
...
<concurrent-session-control max-sessions="1"
exception-if-maximum-exceeded="true"/>
</http>
Now I have two prototypes of a Web application, one that uses Click and the
other that doesn't. The concurrent-session-control feature works fine in the
non-Click version. However, I can sign in on multiple browser windows with the
Click version for the same signed in user.
If anyone has had any success with implementing this Spring Security feature
with Click, I would greatly appreciate your input as I was hoping to be able to
use the Click framework for our upcoming project having devoted a fair amount
of
time ramping up on it's features. If you'd like to see more information from my
configuration files, please let me know and I'll email to this thread..
Thank You..
Conor
