The problem I am facing is that ,when I login the first user then the user gets logged in and a session is created ,but when I login second User, then first user gets converted into second one and session also gets replaced I. old session gets replaced with current Session ,What I want is that multiple users should be able to login at a time and should have their own unique session.
I tried the session Management in Springboot3 config file but nothing worked.
package com.springboot.Admin_Officer_Security_Temp.Config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.session.HttpSessionEventPublisher;
import com.springboot.Admin_Officer_Security_Temp.Service.UserDetailsServiceImpl;
@Configuration
@EnableWebSecurity
public class UserConfig {
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public UserDetailsService userDetailsService() {
return new UserDetailsServiceImpl();
}
@Bean
public DaoAuthenticationProvider daoAuthenticationProvider() {
DaoAuthentic`enter code here`ationProvider authenticationProvider = new DaoAuthenticationProvider();
authenticationProvider.setUserDetailsService(userDetailsService());
authenticationProvider.setPasswordEncoder(passwordEncoder());
return authenticationProvider;
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests(authorize -> authorize.requestMatchers("/css/**", "/images/**", "/login").permitAll()
.requestMatchers("/Myprofile", "/Updateprofile", "/Adduser", "/Allusers", "/Dashboard").authenticated()
.anyRequest().authenticated())
.formLogin(form -> form.loginPage("/login").permitAll().defaultSuccessUrl("/Dashboard")
.failureUrl("/login?error=true"))
.logout(logout -> logout.invalidateHttpSession(true).deleteCookies("JSESSIONID"))
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED));
return http.build();
}
@Bean
public SessionRegistry sessionRegistry() {
return new SessionRegistryImpl();
}
@Bean
public SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry());
}
@Bean
public HttpSessionEventPublisher `enter code here`httpSessionEventPublisher() {
return new HttpSessionEventPublisher();
}
}
This the config code