Maximum concurrent users in Spring Security

Question

I am using Spring Security 3.0 in my project and I am restricting user to have maximum one session. Configuration is given below :

Answer 1

expired-url should be what you require. In the configuration for spring security

<security:concurrent-session-control
  max-sessions="1" exception-if-maximum-exceeded="true" expired-url="/loginform.do" />

also add following listener in web.xml.

org.springframework.security.web.session.HttpSessionEventPublisher 

Answer 2

spring-security-3.2.0 , message.properties :

ConcurrentSessionControlAuthenticationStrategy.exceededAllowed = Maximum sessions of {0} for this principal exceeded

Answer 3

Please keep this in your messages.properties

ConcurrentSessionControlStrategy.exceededAllowed=This account is already using by someone.

it will display "This account is already using by someone." you can give what ever you want.

Also don't forget to config Resourcebundle