spring-security（七）java config-sample之concurrency

Preface:
  In practical applications, we may limit the number of times a user can log in to the same application at the same time. For example, we hope that only one 'Zhang San' can log in in the system, thereby preventing the user 'Zhang San' from using two different sessions to enter our web application. For this reason, spring security provides us with the following two strategies to achieve this function :

• When the same user logs in again, the session information of the previous login is automatically set to expire.
• Report an error directly, prompting the user to be logged in, thereby preventing this login

Note: When using the second method, if a user does not explicitly execute logout (for example, the user directly closes the browser), he will not be able to log in to the system again until the user's session expires.
This example uses the first strategy , set the maximum number of concurrent logins to 1
Environment:
  spring boot version: 1.5.4.RELEASE

1. Project structure



2. Configuration class SecurityConfig.java

package falcon.chengf.security.sample.javaconfig.concurrency;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @author: Author: chengaofeng
 * @date: Creation time: 2018-02-15 10:33:55
 * @Description: EVERYTHING
 * @version V1.0
 */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
	// @formatter:off
	@Autowired
	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
		auth
			.inMemoryAuthentication()
				.withUser("user").password("password").roles("USER");
	}
	// @formatter:on

	// @formatter:off
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http
			.authorizeRequests()
				.anyRequest().authenticated()
				.and()
			.formLogin()
				.and()
			.sessionManagement()
				.maximumSessions(1)
					.expiredUrl("/login?expired");
	}
	// @formatter:on
}

Mainly, sessionManagement().maximumSessions(1).expiredUrl("/login?expired"); This configuration means to enable session control. The maximum number of concurrent sessions is 1. When the session expires, the user is redirected to /login page
3. Startup class SecurityConcurrencyApp.java

package falcon.chengf.security.sample.javaconfig.concurrency;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

/**
 * Hello world!
 *
 */
@SpringBootApplication
public class SecurityConcurrencyApp
{
    public static void main( String[] args )
    {
        SpringApplication.run(SecurityConcurrencyApp.class, args);
    }
}

4. Project pom file

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>

	<groupId>falcon.chengf</groupId>
	<artifactId>security-sample-javaconfig-concurrency</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<packaging>jar</packaging>

	<name>security-sample-javaconfig-concurrency</name>
	<url>http://maven.apache.org</url>

	<properties>
		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
	</properties>

	<dependencyManagement>

		<dependencies>
			<dependency>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-starter-parent</artifactId>
				<version>1.5.4.RELEASE</version>
				<type>pom</type>
				<scope>import</scope>
			</dependency>
		</dependencies>
	</dependencyManagement>
	<dependencies>
		<dependency>
			<groupId>junit</groupId>
			<artifactId>junit</artifactId>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-config</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-web</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-test</artifactId>
		</dependency>
	</dependencies>
	<build>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
				<executions>
					<execution>
						<goals>
							<goal>repackage</goal>
						</goals>
					</execution>
				</executions>
				<configuration>
					<mainClass>${start-class}</mainClass>
				</configuration>
			</plugin>
		</plugins>
	</build>
</project>

5.index page

<!DOCTYPE html>
<html>
<head>
<title>Static</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
	hello，security
</body>
</html>

6. Start the project
Select the startup class, select Run As->Java application, and enter
http://localhost:8080/index.html in the browser after startup. Under
normal circumstances, we will be redirected to the login interface and



enter user name: user; password: password, after entering the index page


, we open another browser (for example, we used safari before, now we use chrome, or open the browser on another computer), and re-execute the above login steps, when in the new browser After entering the index page, go back to the previous browser to perform a refresh, and you will find that we have been redirected to the login page, which proves that the concurrent login control we set has played a role.

Download source code