Spring security concurrent sessions

Рет қаралды 11,968

Күн бұрын

Spring security concurrent sessions. Lean how to use the #springsecurity and the concurrent sessions control feature to restricting the number of concurrent sessions per User. In this #springsecuritytutorial, we will also see how the concurrent sessions feature works internally and how we can customize the behavior in our #springapplication.
We will take closer look at the internal working of spring security and how SessionRegistry, ConcurrentSessionControlStrategy, HttpSessionEventPublisher, SessionManagementFilter and ConcurrentSessionFilter works together to accomplish this feature sing spring session management.
This #springtutorial also covers some of the important point while enabling this feature and how #springsession can help us to overcome some of the limitations of #concurrentsession.
List of few articles for your reference:
www.javadevjournal.com/spring...
www.javadevjournal.com/spring...
www.javadevjournal.com/spring...
#springsecuritytutorials #springboot #springmvc #security #session #httpsession #sessionmanagement #springframework #springcore #springsecurity

Пікірлер: 33

@sumitrashmi4500 3 жыл бұрын

Great Content and a most important series for a backend java developer

@javadevjournal 3 жыл бұрын

Agree, security is one of the core component for any modern application.

@ujashprajapati8818 3 жыл бұрын

Finally got this✅

@javadevjournal 3 жыл бұрын

glad, it was helpful to you :)

@RahulKumar-qu1if 2 жыл бұрын

I am using react as fronted and I follow your approach but it didn't work so how to do the concurrency control if we are using any fronted language

@HarshaVardhan-jf9sd 2 жыл бұрын

Does this also work if the session creation policy is STATELESS? .sessionCreationPolicy(SessionCreationPolicy.STATELESS)

@shane-kung 2 жыл бұрын

Thanks. I am just wondering In the case of No3. Can I not use SessionRegistry?

@javadevjournal 2 жыл бұрын

In simple use case it will work but for the In a clustered environment, it won't work..for In a clustered environment, you should look at Spring Session www.javadevjournal.com/spring/spring-session/

@LeetcodeUser 3 жыл бұрын

can you please give them numbering and last but not least you are Awsome.

@javadevjournal 3 жыл бұрын

Sure..let me try that, but if you follow the play list..it is sorted by release date

@aminemaghous 2 жыл бұрын

How can we work with this if we are using JWT?

@javadevjournal 2 жыл бұрын

JWT is a stateless authentication mechanism so preventing or disabling multiple logins will require different approach.You may have to cleanup the token if this is used by other something like..storing/ updating the refresh token on each new login.

@rahulcse3970 2 жыл бұрын

It's not working in my case i am able to login the application from different browser

@javadevjournal 2 жыл бұрын

what happened when you refresh it in both places? are you still logged in? What are your configurations

@kiransachdeva9013 2 жыл бұрын

Hi every where I can see form authentication is being used.... But in my case we are passing username in url itself... So still this spring security concurrent feature can be used for me? If yes then how... Please help

@javadevjournal 2 жыл бұрын

Session is related to the logged in user, I am not sure what you mean by passing the username in the URL? We need some more information on the context before I can answer.

@kiransachdeva9013 2 жыл бұрын

For example :- some url /username...... It ll open my application based upon the username provided

@kiransachdeva9013 2 жыл бұрын

We don't have form in which we ll fill username and password. We ll directly access the application url follow by the username.... Different username have different roles assigned to it.... Based upon those username different options will load on application first window.

@javadevjournal 2 жыл бұрын

@@kiransachdeva9013 so it's more of the authorization that is applicable for your case..In any case, this will work as you still need to create an Authenticated Object and add it to SecurityContext unless this is a stateless

@kiransachdeva9013 2 жыл бұрын

Thanks for info....... One more question is This will only work when user is trying to login from different browsers.... Can u suggest how can i restrict from different tabs of same browsers for same user also?

@yaseensanderwale7814 3 жыл бұрын

can you please provide the link to source code

@javadevjournal 3 жыл бұрын

github.com/javadevjournal/javadevjournal/tree/master/spring-security/spring-security-series

@bhar32 2 жыл бұрын

Even I tried it's not working. I am able to login from multiple browser with refresh .🙃

@bhar32 2 жыл бұрын

finally I found why it's not working... and the reason is equals and hashcode method which is also required.

@javadevjournal 2 жыл бұрын

@@bhar32 that is true and a true session management need more of central session management like spring session

@pixo-pixel 3 жыл бұрын

not working for me...i able to login from multiple browser

@javadevjournal 3 жыл бұрын

how many session are you seeting in your configuration? What happened if you try to refresh the browser after login on both browser? take a look at www.javadevjournal.com/spring-security/spring-security-session/ , you can share the sample code on GitHub if this still doesn't work

@pixo-pixel 3 жыл бұрын

@@javadevjournal there was a problem with equals and hash method...by googling it i solved my problem... thanks for replying....but i have another problem..IS THERE ANY WAY TO PREVENT DUPLICATE URLS USING SPRING...I HAVE TO RESTRICT SOME URLS SO THEY CANNOT BE OPENED IN MORE THAN ONE TABS..FOR EXAMPLE CART OR PAYMENT URL I DON'T WANT THAT USER COULD OPEN CART URL OR PAYMENT URL IN MORE THAN ONE TAB FOR SECURITY REASON.

@umamaheswari6754 Ай бұрын

If possible please share the github link please

@javadevjournal Ай бұрын

github.com/javadevjournal/javadevjournal/tree/master/spring-security/spring-security-series

@sharvaridesai4580 2 жыл бұрын

I am able to log in to the application from a different browser. Could you please help?

@javadevjournal 2 жыл бұрын

You need to have a central session management like spring session in case you want to allow something like this..that an be easily managed through session registry.