fineract-dev mailing list archives

From Ippez Robert <ippezrob...@gmail.com>
Subject Re: Limiting Concurrent User Sessions to 1
Date Wed, 10 May 2017 13:30:34 GMT
Hi, I was hoping to implement this as here but somehow got lost. What I
wanted to do is to prevent users from logging in on multiple devices/computers
by adding a column is_logged_in to the m_appuser table, so when a user tries to
log in and his credentials are correct, but he is logged in on another computer,
he is rejected from logging in and notified in the community-app that he is
logged in on another device. He should log out from there and try again.

I tried to test what I have done and here is how it behaves: a user logs in
and the value of is_logged_in is set to 1, which is correct, but now what I
want is to have a check for the is_logged_in value before a user is fully
authenticated. That's my challenge.

Here is my code snippet; please make some tweaks and if it works, then share
back.

The commit is here
https://github.com/Ippezrobert/incubator-fineract/commit/c49280aa8ec6659e0133004787c6e11919854dd6

Thanks
Regards

On Wed, May 10, 2017 at 4:23 PM, Usman Khaliq <usman.khaliq91@gmail.com>
wrote:

> Hi everyone,
>
> I have written the following code in the infrastructure/core/boot directory
> to set the number of concurrent user sessions at 1:
>
> @EnableWebSecurity
> @Configuration
> public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
>
>     @Override
>     protected void configure(HttpSecurity http) throws Exception {
>         http
>                 .authorizeRequests()
>                 .anyRequest()
>                 .authenticated()
>                     .and()
>                 .sessionManagement()
>                     .maximumSessions(1)
>                     .maxSessionsPreventsLogin(true)
>                     .sessionRegistry(sessionRegistry());
>     }
>
>     // Work around https://jira.spring.io/browse/SEC-2855
>     @Bean
>     public SessionRegistry sessionRegistry() {
>         SessionRegistry sessionRegistry = new SessionRegistryImpl();
>         return sessionRegistry;
>     }
>
>     @Autowired
>     public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
>         auth
>                 .inMemoryAuthentication()
>                     .withUser("mifos").password("password").roles("USER");
>     }
>
>     // Register HttpSessionEventPublisher
>     @Bean
>     public static ServletListenerRegistrationBean httpSessionEventPublisher() {
>         return new ServletListenerRegistrationBean(new HttpSessionEventPublisher());
>     }
> }
>
> I have also registered the Spring Security filter created above in the
> AbstractSecurityWebApplicationInitializer in the infrastructure/core/boot
> directory as follows:
>
> public class SecurityWebApplicationInitializer
>     extends AbstractSecurityWebApplicationInitializer {
>     protected Class<?>[] getRootConfigClasses() {
>         return new Class[] { WebSecurityConfig.class };
>     }
> }
>
> However, I am still able to log into multiple browser sessions from my
> machine. Any advice on what I am doing wrong with my code? Thanks in
> advance.
>
> --
> Kind Regards
> Usman Khaliq
> Programmer and R&D Lead
> iDT Labs
> 5 Foday Drive,Regent Road,Hill Station
> Freetown,Sierra Leone
> Tel: +92334 3777 059/ + 232 77 775 775
> Skype: usman.khaliq
> Website:www.idtlabs.sl
>



-- 
Ippez Roberts
Director & Founder - Skyline Technologies Uganda
"IT Consultants & Engineers"
P.O.Box 155, Moyo
UGANDA.
Tel: +256788725408/789643284
Skype ID: ippez.robert1
Email: ippezrobert@gmail.com
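
The check described in the message above (test is_logged_in before the login completes), as an added example that is not part of the original message or of Fineract's code. It generalizes the boolean flag to an expiring lease so that a session that ends without a logout cannot lock the user out; SingleSessionGuard, its methods and the in-memory maps are hypothetical names standing in for the m_appuser table.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: models the is_logged_in flag as an expiring lease per user.
// All names here are hypothetical; in Fineract the state would live in m_appuser.
public class SingleSessionGuard {
    public enum Result { OK, BAD_CREDENTIALS, ALREADY_LOGGED_IN }

    private final Map<String, String> passwords = new ConcurrentHashMap<>(); // constructed sample users
    private final Map<String, Instant> leases = new ConcurrentHashMap<>();   // username -> lease expiry
    private final Duration ttl;

    public SingleSessionGuard(Duration ttl) { this.ttl = ttl; }
    public void addUser(String user, String password) { passwords.put(user, password); }

    public Result login(String user, String password, Instant now) {
        // 1. Verify credentials first, so an unauthenticated caller never learns
        //    whether the account currently has a live session.
        //    (Plain equals() is a stand-in for the real password check.)
        String expected = passwords.get(user);
        if (expected == null || !expected.equals(password)) return Result.BAD_CREDENTIALS;
        // 2. Check and set in one atomic step; a separate read followed by a write
        //    lets two simultaneous logins both see "not logged in".
        boolean[] claimed = {false};
        leases.compute(user, (u, expiry) -> {
            if (expiry != null && expiry.isAfter(now)) return expiry; // live session elsewhere
            claimed[0] = true;
            return now.plus(ttl); // absent or stale lease: take it
        });
        return claimed[0] ? Result.OK : Result.ALREADY_LOGGED_IN;
    }

    public void logout(String user) { leases.remove(user); }

    public static void main(String[] args) {
        SingleSessionGuard guard = new SingleSessionGuard(Duration.ofMinutes(30));
        guard.addUser("mifos", "password"); // sample account from the quoted config
        Instant t0 = Instant.parse("2017-05-10T13:00:00Z"); // constructed timestamps
        System.out.println(guard.login("mifos", "wrong", t0));
        System.out.println(guard.login("mifos", "password", t0));
        System.out.println(guard.login("mifos", "password", t0.plusSeconds(60)));
        System.out.println(guard.login("mifos", "password", t0.plusSeconds(3600)));
        guard.logout("mifos");
        System.out.println(guard.login("mifos", "password", t0.plusSeconds(3700)));
    }
}
```

Against a database, the same check-and-set is a single conditional UPDATE whose affected-row count tells the caller whether it won the claim.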
