SuzanneZurich Respected Contributor.

(OO) Support Tip: Limit sessions per user in OO

How to limit sessions per user in OO?

1 - Stop Central.

2 - Delete tomcat\temp and tomcat\work folders.

3 - Edit the following files and ensure the following is included:
 
central\tomcat\webapps\oo\WEB-INF\classes\META-INF\spring\securityContext.xml:
 
<security:http use-expressions="false" disable-url-rewriting="true" auto-config="false" pattern="/login/**"
               access-decision-manager-ref="ooAccessDecisionManager">
    <security:headers>
        <security:cache-control />
        <security:content-type-options />
        <security:hsts />
        <security:xss-protection />
        <security:header ref="frameOptionsWriter"/>
    </security:headers>
    <security:csrf request-matcher-ref="csrfRequestMatcher"/>
    <security:custom-filter ref="csrfTokenGeneratorFilter" after="CSRF_FILTER"/>

    <!-- x509 Pre authentication - pull username -->
    <security:custom-filter ref="ooX509AuthenticationFilter" position="X509_FILTER"/>
    <security:custom-filter ref="lwsso2springsecfilter" after="SECURITY_CONTEXT_FILTER" />
    <security:custom-filter ref="springsec2lwssofilter" position="LAST" />
    <security:intercept-url pattern="/central-remoting/**" access="login"/>
    <security:http-basic/>
    <security:logout logout-url="/j_spring_security_logout" delete-cookies="JSESSIONID"/>
    <security:request-cache ref="pagesRequestCache" />

    <!--Since we would like to allow by default access, anonymous is enabled.  When the LDAP is configured the access decision manager should block anonymous requests.-->
    <security:anonymous enabled="true"/>

    <security:session-management session-authentication-error-url="/err">
        <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" expired-url="/err"/>
    </security:session-management>

</security:http>
 
 
central\tomcat\webapps\oo\WEB-INF\web.xml:
 

<listener>
    <listener-class>net.bull.javamelody.SessionListener</listener-class>
</listener>

<listener>
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>

Please see the knowledge document at https://softwaresupport.hpe.com/km/KM02806492

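A way to confirm both edits are in place before restarting Central, as an added example that is not part of the original tip or of OO itself. The function name and the embedded XML samples are constructed for illustration; in practice, pass in the contents of securityContext.xml and web.xml. It checks for the listener because, without HttpSessionEventPublisher, Spring Security is not told when a session ends, so with error-if-maximum-exceeded="true" a user whose session timed out can stay locked out.

```python
import xml.etree.ElementTree as ET

PUBLISHER = "org.springframework.security.web.session.HttpSessionEventPublisher"

def local(tag):
    """Drop the '{namespace-uri}' prefix ElementTree adds to tag names."""
    return tag.rsplit("}", 1)[-1]

def check_session_limit(security_xml, web_xml):
    """Return a list of findings; an empty list means both files match the tip."""
    findings = []
    sec = ET.fromstring(security_xml)
    # Parent map, so we can confirm where concurrency-control is nested.
    parent = {child: p for p in sec.iter() for child in p}
    controls = [e for e in sec.iter() if local(e.tag) == "concurrency-control"]
    if not controls:
        findings.append("securityContext.xml: no concurrency-control element")
    for cc in controls:
        p = parent.get(cc)
        if p is None or local(p.tag) != "session-management":
            findings.append("concurrency-control is not inside session-management")
        limit = cc.get("max-sessions", "")
        if not limit.isdigit() or int(limit) < 1:
            findings.append("max-sessions missing or not a positive integer: %r" % limit)
    web = ET.fromstring(web_xml)
    listeners = {(e.text or "").strip() for e in web.iter()
                 if local(e.tag) == "listener-class"}
    if PUBLISHER not in listeners:
        findings.append("web.xml: HttpSessionEventPublisher listener missing; "
                        "ended sessions keep counting against max-sessions")
    return findings

# Constructed sample inputs, reduced to the elements the tip adds.
NS = 'xmlns:security="http://www.springframework.org/schema/security"'
GOOD_SECURITY = f"""<beans {NS}>
  <security:http pattern="/login/**">
    <security:session-management session-authentication-error-url="/err">
      <security:concurrency-control max-sessions="1"
          error-if-maximum-exceeded="true" expired-url="/err"/>
    </security:session-management>
  </security:http>
</beans>"""
GOOD_WEB = f"<web-app><listener><listener-class>{PUBLISHER}</listener-class></listener></web-app>"
WEB_NO_PUBLISHER = ("<web-app><listener><listener-class>net.bull.javamelody.SessionListener"
                    "</listener-class></listener></web-app>")

if __name__ == "__main__":
    for name, web in (("complete", GOOD_WEB), ("listener missing", WEB_NO_PUBLISHER)):
        print(name, "->", check_session_limit(GOOD_SECURITY, web) or "OK")
```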