You are currently viewing the Trifork Blog, to view our full website please go to

Using Spring Session for concurrent session control in a clustered environment

For a long time, Spring Security has provided support to limit the number of sessions a single user can have concurrently. This prevents users from being logged in from many different devices at the same time, for example to ensure that they won’t share their credentials to a paid site with their friends and family. […]

Session Timeout and Concurrent Session Control with Spring Security and Spring-MVC

A web application my team and I are building recently underwent a security review. As usual, because you haven’t yet had time to put any real effort into it, some security risks did surface. We use Spring Security and Spring-MVC and I will talk about implementing a session timeout and concurrent session control: nice subjects […]

Declarative multi-tenant security with Spring Security and Spring-MVC

It’s been a while since our last ‘from the trenches’ entry, and as I’ve found I am better at authoring blogs than convincing colleagues to do the same, I figured I’d write you another installment. This time I’d like to focus on an easy yet powerful approach that we used to secure a multi-tenant Spring-MVC […]

Adding user info to log entries in a multi-user app using Mapped Diagnostic Context

Have you ever been in the situation where you were looking at one of your production log files and had a hard time seeing what log entries belonged to what requests? In a multi-user web application many requests are handled in parallel, so without additional context it becomes almost impossible to see how a single […]

Authenticate against a Hippo repository using Spring Security

Within a number of my projects we use Hippo to create a website. Hippo contains a JackRabbit repository that has capabilities for authenticating and authorizing users. Hippo builds on this functionality for its own security model. In most of these projects we create an integration component to store content in the repository from other systems […]