- method level based security configuration
- url level auth configuration
- easy login mechanism
- so on.
Quick Fix:
replace the Maps in SessionRegistryImpl with your distributable caching mechanism (can be ehcache,oscache,vs) and reimplement it. Or you can use some JMS mechanism to fix this cap but it should be used only in complex architectures.
Acegi Concurrent Setup:
<bean id=" org.acegisecurity.concurrent.SessionRegistry" class="org.acegisecurity.concurrent.SessionRegistryImpl"/> <bean id="org.acegisecurity.concurrent.ConcurrentSessionController" class="org.acegisecurity.concurrent.ConcurrentSessionControllerImpl"> <property name="maximumSessions"> <value>1</value> </property> <property name="sessionRegistry"> <ref local="org.acegisecurity.concurrent.SessionRegistry"/> </property> <property name="sessionRegistry" ref="org.acegisecurity.concurrent.SessionRegistry"/> </bean> <bean id="org.acegisecurity.AuthenticationManager" class="org.acegisecurity.providers.ProviderManager "> <property name="providers"> <list> <ref local="org.acegisecurity.providers.dao.DaoAuthenticationProvider"/> <ref local="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider"/> </list> </property> <property name="sessionController" ref="org.acegisecurity.concurrent.ConcurrentSessionController "/> </bean> <bean id="org.acegisecurity.concurrent.ConcurrentSessionFilter" class="org.acegisecurity.concurrent.ConcurrentSessionFilter "> <property name="sessionRegistry" ref="org.acegisecurity.concurrent.SessionRegistry"/> <property name="expiredUrl" value="/myself/"/> </bean>
And add org.acegisecurity.concurrent.ConcurrentSessionFilter to your filter list
PS:
check my new blog Clustering Acegi via JGroups (DistributedHashtable)
No comments:
Post a Comment