如何在Grails Acegi插件中控制同一账号登录

1.Set the concurrentSessionController in Bootstrap:

class BootStrap {

   def authenticationManager
   def concurrentSessionController

   def init = { servletContext ->
      authenticationManager.sessionController = concurrentSessionController
   }

   def destroy = {}
} 

 

2. then in resources.groovy I configured the missing concurrentSessionFilter :

import org.springframework.security.concurrent.ConcurrentSessionControllerImpl
import org.springframework.security.concurrent.ConcurrentSessionFilter
import org.springframework.security.concurrent.SessionRegistryImpl
import org.springframework.security.providers.ProviderManager

beans = {

   sessionRegistry(SessionRegistryImpl)

   concurrentSessionController(ConcurrentSessionControllerImpl) {
      maximumSessions = 1
      sessionRegistry = sessionRegistry
   }

   concurrentSessionFilter(ConcurrentSessionFilter) {
      sessionRegistry = sessionRegistry
      expiredUrl = '/login/concurrentSession'
   }
} 

 

3. and took advantage of a new feature in the 0.3 version of the plugin, being
able to specify the FilterChainProxy filter list as a list of strings in
SecurityConfig.groovy:

   filterNames = ['concurrentSessionFilter',
                  'httpSessionContextIntegrationFilter',
                  'logoutFilter',
                  'authenticationProcessingFilter',
                  'securityContextHolderAwareRequestFilter',
                  'rememberMeProcessingFilter',
                  'anonymousProcessingFilter',
                  'exceptionTranslationFilter',
                  'filterInvocationInterceptor'] 

 

结论及其他：

1.本文引自nabble讨论：http://old.nabble.com/dealing-with-concurrent-session-in-acegi-and-grails-td18987010.html

2.另一个nabble讨论提到acegi plugin将在0.6版本纳入此功能：http://jira.codehaus.org/browse/GRAILSPLUGINS-962