Spring Security - ConcurrentSessionController configuration ( Acegi )

Spring, Acegi Security, Concurrent Session Controller
Configure the number of sessions/logons a user can process in parallel.

web.xml
Add a HttpSessionEvent Listener to web.xml - session creation, expiration and destroy event publisher, Acegis ConcurrentSessionController will subscribe to and handle the session events <listener>  <listener-class>org.acegisecurity.ui.session.HttpSessionEventPublisher</listener-class>  </listener>
spring-config.xml
Tell the AuthenticationManager that there is a ConcurrentSessionController :   <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">  <property name="providers">  <list>  <ref local="daoAuthenticationProvider" />  <ref local="anonymousAuthenticationProvider" />  <ref local="rememberMeAuthenticationProvider" />  </list>  </property>  <property name="sessionController"  ref="concurrentSessionController"/>  </bean>  <!-- session controller -->  <bean id="concurrentSessionController" class="org.acegisecurity.concurrent.ConcurrentSessionControllerImpl">  <property name="maximumSessions" value="1"/>  <property name="exceptionIfMaximumExceeded" value="true"/>  <property name="sessionRegistry"><ref local="sessionRegistry"/> </property>  </bean> 
Create a SessionFilter and SessionRegistry: <!-- Concurrent session handling -->  <bean id="concurrentSessionFilter" class="org.acegisecurity.concurrent.ConcurrentSessionFilter">  <property name="sessionRegistry"> <ref bean="sessionRegistry"/> </property>  <property name="expiredUrl" value="/"/>  </bean>  <!-- used by concurrentSessionFilter and concurrentSessionController -->  <bean id="sessionRegistry" class="org.acegisecurity.concurrent.SessionRegistryImpl"/> 
Activate the session filter at the beginning of the FilterChain:
<!-- ========== FILTER CHAIN ============= -->  <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">  <property name="filterInvocationDefinitionSource">  <value>   CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /**/*=concurrentSessionFilter,httpSessionContextIntegrationFilter,authenticationProcessingFilter,channelProcessingFilter,remoteUserFilter,rememberMeProcessingFilter,anonymousProcessingFilter,logoutFilter,exceptionTranslationFilter,filterInvocationInterceptor </value>  </property>  </bean>