
Commit 469a3ed

committed
SessionManagement#maximumSessions has no effect when using OIDC
OIDC uses a different auth (exchanged tokens) for every login; therefore the number of sessions will never be > 1
1 parent 8ad7fb3 commit 469a3ed

3 files changed

Lines changed: 0 additions & 7 deletions


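--- a/demo/webapp-rest/src/main/java/software/xdev/sse/demo/security/MainWebSecurity.java
+++ b/demo/webapp-rest/src/main/java/software/xdev/sse/demo/security/MainWebSecurity.java
@@ -51,9 +51,6 @@ public SecurityFilterChain configure(
 // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
 .contentTypeOptions(Customizer.withDefaults())
 .contentSecurityPolicy(csp -> csp.policyDirectives(cspGenerator.buildCSP())))
-.sessionManagement(c ->
-// Limit maximum session per user
-c.sessionConcurrency(sc -> sc.maximumSessions(5)))
 .oauth2Login(c -> c.defaultSuccessUrl("/"))
 // Disable CSRF for REST API for demo purposes
 .csrf(c -> c.ignoringRequestMatchers("/api/**"))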

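--- a/demo/webapp-vaadin/src/main/java/software/xdev/sse/demo/security/MainWebSecurity.java
+++ b/demo/webapp-vaadin/src/main/java/software/xdev/sse/demo/security/MainWebSecurity.java
@@ -61,9 +61,6 @@ protected void configure(final HttpSecurity http) throws Exception
 // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
 .contentTypeOptions(Customizer.withDefaults())
 .referrerPolicy(p -> p.policy(ReferrerPolicyHeaderWriter.ReferrerPolicy.SAME_ORIGIN)))
-.sessionManagement(c ->
-// Limit maximum session per user
-c.sessionConcurrency(sc -> sc.maximumSessions(5)))
 .oauth2Login(c -> {
 c.defaultSuccessUrl("/" + MainView.NAV);
 this.rememberLoginProvider.configureOAuth2Login(c);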

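--- a/vaadin/README.md
+++ b/vaadin/README.md
@@ -47,7 +47,6 @@ public class MainWebSecurity extends TotalVaadinFlowWebSecurity
 // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
 .contentTypeOptions(Customizer.withDefaults())
 .referrerPolicy(p -> p.policy(ReferrerPolicyHeaderWriter.ReferrerPolicy.SAME_ORIGIN)))
-.sessionManagement(c -> c.sessionConcurrency(sc -> sc.maximumSessions(5)))
 .oauth2Login(c -> {
 c.defaultSuccessUrl("/" + WorkdayView.NAV);
 this.rememberLoginProvider.configureOAuth2Login(c);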
