Hi,
I am using Spring Security SAML extension with ADFS to establish WS-Trust.
I have successfully received the SAML2.0 response.
I have included ConcurrentSessionControlStrategy and ConcurrentSessionFilter in my security-context.xml for implementing User Concurrency.
Below is a part of security context.xml for concurrency.
HTML Code:
<!-- Secured pages -->
<security:http entry-point-ref="samlEntryPoint">
    <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
    <!--<security:custom-filter before="FIRST" ref="metadataGeneratorFilter" /> -->
    <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter" />
    <security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
    <security:session-management session-authentication-strategy-ref="sessAuthStrategy"/>
    <security:session-management session-authentication-strategy-ref="concurrencySessionControl"/>
</security:http>

<!-- Limits each principal to one session and rejects the second login -->
<bean id="concurrencySessionControl" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
    <constructor-arg name="sessionRegistry" ref="sessionRegistry" />
    <property name="maximumSessions" value="1" />
    <property name="exceptionIfMaximumExceeded" value="true" />
</bean>

<bean id="concurrencyFilter"
      class="org.springframework.security.web.session.ConcurrentSessionFilter">
    <property name="sessionRegistry" ref="sessionRegistry" />
    <property name="expiredUrl" value="/" />
</bean>

<!-- Top-level bean so that both references to "sessionRegistry" above resolve -->
<bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
I read in the posts below that we need to override equals() and hashCode() of the UserDetails class so that sessionRegistry can identify the users.
http://stackoverflow.com/questions/3...y-control-work
http://stackoverflow.com/questions/1...multiple-times
Since the Spring Security SAML extension is using a custom UserDetails, do we still need to override equals() and hashCode() of the UserDetails service? Can you tell me how to do this?
We already have the SAMLUserDetails class; what do we need to do in that class so that ConcurrencySessionFilter will work?
If somebody could explain this in steps, that would be very helpful for my understanding.
Thanks,
Selvakumar
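
The point raised in the linked posts, shown as an added example that is not part of the original post: a registry that keys sessions on the principal object can only enforce a per-user session limit if two principal objects for the same user compare equal. `Registry` is a simplified stand-in for that lookup, not Spring's `SessionRegistryImpl`; the class names and the `alice@example.test` name identifier are constructed for illustration.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class PrincipalEqualityDemo {

    // Hypothetical principal WITHOUT equals()/hashCode(): compared by object identity.
    static class IdentityPrincipal {
        final String nameId;
        IdentityPrincipal(String nameId) { this.nameId = nameId; }
    }

    // Hypothetical principal WITH value equality on the name identifier.
    static class ValuePrincipal {
        final String nameId;
        ValuePrincipal(String nameId) { this.nameId = nameId; }
        @Override public boolean equals(Object o) {
            return o instanceof ValuePrincipal && nameId.equals(((ValuePrincipal) o).nameId);
        }
        @Override public int hashCode() { return nameId.hashCode(); }
    }

    // Stand-in for a session registry: maps each principal to its session ids.
    static class Registry {
        private final Map<Object, Set<String>> sessions = new HashMap<>();
        private final int maximumSessions;
        Registry(int maximumSessions) { this.maximumSessions = maximumSessions; }

        // Returns false when the principal already holds maximumSessions sessions.
        boolean register(Object principal, String sessionId) {
            Set<String> held = sessions.computeIfAbsent(principal, p -> new HashSet<>());
            if (held.size() >= maximumSessions) return false;
            held.add(sessionId);
            return true;
        }
    }

    public static void main(String[] args) {
        // Every login builds a fresh principal object for the same user.
        Registry byIdentity = new Registry(1);
        byIdentity.register(new IdentityPrincipal("alice@example.test"), "S1");
        boolean second = byIdentity.register(new IdentityPrincipal("alice@example.test"), "S2");
        System.out.println("identity principal, second login accepted: " + second);

        Registry byValue = new Registry(1);
        byValue.register(new ValuePrincipal("alice@example.test"), "S1");
        second = byValue.register(new ValuePrincipal("alice@example.test"), "S2");
        System.out.println("value principal, second login accepted: " + second);
    }
}
```

With the identity-compared principal the second login is accepted and the limit of one session is never enforced; with value equality the second login is refused.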