Hi folks!
The answer is:
There is no embedded solutions in spring 3.0
but can offer several solutions:
1. Maintain own user management container:
like this
HttpSession session = se.getSession();
ServletContext context = session.getServletContext();
HashMap activeUsers = (HashMap)context.getAttribute("activeUsers");
activeUsers.put(session.getId(), session);
context.setAttribute("activeUsers", activeUsers);
in sessionCreated method of sessionListner in i successsfully get the list of active user's name and there session id but when i do like that
HttpSessionContext context=request.getSession().getSessionContext();
ServletContext sc=request.getSession().getServletContext();
HashMap activeUsers = (HashMap)sc.getAttribute("activeUsers");
HttpSession session=request.getSession();
if(activeUsers.containsKey(this.sessionID)==true){ session.invalidate(); }
https://coderanch.com/t/497470/Servlets/java/invalidate-user-session-forcefully
2. Using jmx beans:
The same problem described and solved there
http://blog.springsource.org/2009/01/02/spring-security-customization-part-2-adjusting-secured-session-in-real-time/