jsf 2 - How to configure JAAS in JBoss AS 7 to accept only ONE SESSION PER USER?


I got JBoss to work with JAAS authentication for a JSF application. It seemed to work fine when I realized I was capable of logging in the same user on different computers/browsers.

I was wondering if there is some configuration missing to make it understand that it can't allow more than 1 session per user.

At first, I thought it was pretty straightforward, though that's not what I realized later. I have been reading for 2 days at the JBoss community website and in here.

Here is how the configuration in standalone.xml looks:

<security-domain name="***realm" cache-type="default">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:jboss/datasources/***ds"/>
            <module-option name="principalsQuery" value="select password from users where email=?"/>
            <module-option name="rolesQuery" value="select role_name, 'Roles' from users where email = ?"/>
            <module-option name="hashAlgorithm" value="MD5"/>
            <module-option name="hashEncoding" value="base64"/>
        </login-module>
    </authentication>
</security-domain>

And the related JAAS tags in web.xml:

<!-- allowed roles -->
<security-role>
    <role-name>superadmin</role-name>
</security-role>

<security-role>
    <role-name>admin</role-name>
</security-role>

<security-role>
    <role-name>user</role-name>
</security-role>

<!-- protected areas -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>only super admins</web-resource-name>
        <url-pattern>/protected/superadmin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>superadmin</role-name>
    </auth-constraint>
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>only admins , superadmins</web-resource-name>
        <url-pattern>/protected/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
        <role-name>superadmin</role-name>
    </auth-constraint>
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>users , admins , superadmins</web-resource-name>
        <url-pattern>/protected/user/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>superadmin</role-name>
        <role-name>admin</role-name>
        <role-name>user</role-name>
    </auth-constraint>
</security-constraint>

<!-- validation form -->
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.jsf</form-login-page>
        <form-error-page>/loginerror.jsf</form-error-page>
    </form-login-config>
</login-config>

<!-- filter user name , work -->
<filter>
    <filter-name>loginfilter</filter-name>
    <filter-class>br.com.icts.rybenapessoal.filters.loginfilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>loginfilter</filter-name>
    <url-pattern>/protected/*</url-pattern>
</filter-mapping>

I would appreciate either being pointed in the right direction or help finding more documentation around this issue.

Regards,
Arthur

