Problem with concurrent sessions and OAuth2 in Spring Boot
75
June 28, 2022, at 12:40 PM
I'm working with Spring Security 5.6.0 and OAuth 2.0 authentication. I'm trying to limit the concurrent sessions for each user to one. After some tries, I managed to write this code:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
[...]
.sessionManagement()
.sessionFixation().migrateSession()
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.invalidSessionUrl("/expired")
.maximumSessions(1)
.maxSessionsPreventsLogin(true)
.sessionRegistry(sessionRegistry());
with
@Bean
public SessionRegistry sessionRegistry() {
SessionRegistry sessionRegistry = new SessionRegistryImpl();
return sessionRegistry;
}
@Bean
public HttpSessionEventPublisher httpSessionEventPublisher() {
return new HttpSessionEventPublisher();
}
Yet, this doesn't work for some reason, letting two different browsers make API calls with the same user logged in. Any suggestions?
-
05:30
-
04:00
-
00:00
-
10:30
-
9:10
-
07:40
Firebase Cloud Functions: PubSub, "res.on is not a function"
-
04:00
TypeError: Cannot read properties of undefined (reading 'createMessageComponentCollector')
-
9:20
-
7:40
POPULAR ONLINE
- search for elements in a list 110615 visits
- typescript: tsc is not recognized as an internal or external command, operable program or batch file 105866 visits
- In Chrome 55, prevent showing Download button for HTML 5 video 98317 visits
- RxJS5 - error - TypeError: You provided an invalid object where a stream was expected 95795 visits
- Ionic 2 - how to make ion-button with icon and text on two lines? 92014 visits
- NetBeans IDE - ClassNotFoundException: net.ucanaccess.jdbc.UcanaccessDriver 61490 visits
- Adding methods to es6 child class 22092 visits
