security.xml关键配置如下
<bean id="concurrencyFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="expiredUrl" value="/session-expired.htm" />
</bean>
<!--sessionRegistry-->
<bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<constructor-arg name="sessionRegistry" ref="sessionRegistry" />
<property name="maximumSessions" value="1"></property>
<property name="exceptionIfMaximumExceeded" value="true"></property>
</bean>
<bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
<bean id="fromLoginFilter"
class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<property name="sessionAuthenticationStrategy" ref="sas"/><!-- 此配置可实现获取所有登录用户信息 -->
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationFailureHandler" ref="fromFailureHandler" />
<property name="filterProcessesUrl" value="/old/login" />
</bean>
利用sessionRegistry.getAllPrincipals();返回的list是空,求解