Requirement: an account may be logged in by only one person at a time. The configuration takes three steps:
1. Configure HttpSessionEventPublisher in web.xml
    <listener>
        <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    </listener>
2. Configure session management in security.xml
The session-management element goes inside the http element.
    <session-management invalid-session-url="/login?invalid_session">
        <concurrency-control max-sessions="1"
                             error-if-maximum-exceeded="false"
                             expired-url="/login?expired"/>
    </session-management>
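The "max-sessions" attribute is the maximum number of concurrent sessions and defaults to 1. The "error-if-maximum-exceeded" attribute defaults to false, which means that for the same account the earlier login is forced offline by the later one; when it is true, once a user has logged in, other users cannot log in with that account.
3. Override equals and hashCode in the user class used for login; if you have extended UserDetails, override equals and hashCode there as well. The session registry looks up an account's existing sessions by its principal object, so two logins of the same account must produce principals that compare equal.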
User.java
    @Override
    public boolean equals(Object o) {
        if (this == o) return true;
        if (!(o instanceof User)) return false;
        User that = (User) o;
        // Two User objects represent the same account when their guid matches.
        return guid != null ? guid.equals(that.guid) : that.guid == null;
    }

    @Override
    public int hashCode() {
        // Must be derived from the same field that equals() compares.
        return guid != null ? guid.hashCode() : 0;
    }
StUserDetails.java
    @Override
    public boolean equals(Object o) {
        if (this == o) return true;
        if (!(o instanceof StUserDetails)) return false;
        StUserDetails that = (StUserDetails) o;
        // Authorities are part of the comparison: if an account's authorities
        // change between two logins, the two principals are not equal.
        if (grantedAuthorities != null ? !grantedAuthorities.equals(that.grantedAuthorities)
                                       : that.grantedAuthorities != null) return false;
        return user != null ? user.equals(that.user) : that.user == null;
    }

    @Override
    public int hashCode() {
        // Combines the same two fields that equals() compares.
        int result = user != null ? user.hashCode() : 0;
        result = 31 * result + (grantedAuthorities != null ? grantedAuthorities.hashCode() : 0);
        return result;
    }
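Why step 3 matters, as an added example that is not code from this post or from Spring Security: a simplified, assumed model of a session registry that maps each principal to its session ids and expires the oldest one beyond the limit. The class names PlainUser, KeyedUser and PrincipalEqualityDemo, the register method and the sample guid and session ids are hypothetical.

```java
import java.util.*;

public class PrincipalEqualityDemo {

    // Principal WITHOUT equals/hashCode: only the same object instance matches.
    static class PlainUser {
        final String guid;
        PlainUser(String guid) { this.guid = guid; }
    }

    // Principal WITH equals/hashCode based on guid, as in step 3.
    static class KeyedUser {
        final String guid;
        KeyedUser(String guid) { this.guid = guid; }
        @Override public boolean equals(Object o) {
            return o instanceof KeyedUser && Objects.equals(guid, ((KeyedUser) o).guid);
        }
        @Override public int hashCode() { return Objects.hashCode(guid); }
    }

    static final int MAX_SESSIONS = 1; // mirrors max-sessions="1"

    // Simplified model (assumption): registers a session under its principal and
    // returns the session ids expired to stay within MAX_SESSIONS.
    static List<String> register(Map<Object, Deque<String>> registry,
                                 Object principal, String sessionId) {
        Deque<String> sessions = registry.computeIfAbsent(principal, p -> new ArrayDeque<>());
        sessions.addLast(sessionId);
        List<String> expired = new ArrayList<>();
        while (sessions.size() > MAX_SESSIONS) {
            // Oldest session goes first, like error-if-maximum-exceeded="false".
            expired.add(sessions.removeFirst());
        }
        return expired;
    }

    public static void main(String[] args) {
        // Each login builds a new principal object for the same account (constructed data).
        Map<Object, Deque<String>> plain = new HashMap<>();
        register(plain, new PlainUser("u-1"), "S1");
        System.out.println("plain expired: " + register(plain, new PlainUser("u-1"), "S2"));

        Map<Object, Deque<String>> keyed = new HashMap<>();
        register(keyed, new KeyedUser("u-1"), "S1");
        System.out.println("keyed expired: " + register(keyed, new KeyedUser("u-1"), "S2"));
    }
}
```

With PlainUser the second login lands under a different map key, so the first session is never expired and the one-session limit is silently not enforced; with KeyedUser the first session is expired.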
I'm a beginner; if there are any mistakes, please point them out!