Problem with concurrent sessions and OAuth2 in Spring Boot

75
June 28, 2022, at 12:40 PM

I'm working with Spring Security 5.6.0 and OAuth 2.0 authentication. I'm trying to limit the concurrent sessions for each user to one. After some tries, I managed to write this code:

@Override
protected void configure(HttpSecurity http) throws Exception {
  http
  [...]
    .sessionManagement()
    .sessionFixation().migrateSession()
    .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
    .invalidSessionUrl("/expired")
    .maximumSessions(1)
    .maxSessionsPreventsLogin(true)
    .sessionRegistry(sessionRegistry());

with

@Bean
public SessionRegistry sessionRegistry() {
    SessionRegistry sessionRegistry = new SessionRegistryImpl();
    return sessionRegistry;
}
@Bean
public HttpSessionEventPublisher httpSessionEventPublisher() {
    return new HttpSessionEventPublisher();
}

Yet, this doesn't work for some reason, letting two different browsers make API calls with the same user logged in. Any suggestions?

Rent Charter Buses Company
READ ALSO
Pass html data to Quarkus Template

Pass html data to Quarkus Template

I am using Quarkus Mailer and Quarkus Template to create an endpoint that will be responsible just for sending emailsFor now it just receives the subject, body and the emails that the email should be sent to

68
Can I change a keystore JKS file's alias password with only the keystore password and not the alias password?

Can I change a keystore JKS file's alias password with only the keystore password and not the alias password?

Is it possible to change a keystore alias' password without having the oldI do have the keystore's password and the alias name

117
How to deploy apache camel application on wildfly

How to deploy apache camel application on wildfly

I developed an Apache Camel application and I want to deploy it to wildflyFrom this guide https://wildfly-extras

66
How to add a unique tag to each log in logging.properties

How to add a unique tag to each log in logging.properties

My standard configuration of Tomcat 85 splits the logs into

57