账户登录时，要求一个账户同时只能一人登录，配置中的步骤有三个：
　　1.在web.xml中配置HttpSessionEventPublisher
　　<listener>
　　<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
　　</listener>
　　2.在security.xml中配置session management
　　session-management标签放在http标签中
　　<session-management invalid-session-url="/login?invalid_session">
　　<concurrency-control max-sessions="1" error-if-maximum-exceeded="false" expired-url="/login?expired"/>
　　</session-management>
　　其中的"max-session"属性表示最大session会话数量，默认是1;"error-if-maximum-exceeded"属性默认是false，表示同一账号，先登录的，会被后登录者强制下线，为true时，表示一旦有用户登录，其他用户将无法登录。
　　3.重写user登录相关类中的equals和hashCode方法，若扩展了UserDetails，也要重写其equals和hashCode方法
User.java
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (!(o instanceof User)) return false;
User that = (User) o;
if (guid != null ? !guid.equals(that.guid) : that.guid != null) return false;
return true;
}
@Override
public int hashCode() {
return guid != null ? guid.hashCode() : 0;
}
StUserDetails.java
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (!(o instanceof StUserDetails)) return false;
StUserDetails that = (StUserDetails) o;
if (grantedAuthorities != null ? !grantedAuthorities.equals(that.grantedAuthorities) : that.grantedAuthorities != null)
return false;
if (user != null ? !user.equals(that.user) : that.user != null) return false;
return true;
}
@Override
public int hashCode() {
int result = user != null ? user.hashCode() : 0;
result = 31 * result + (grantedAuthorities != null ? grantedAuthorities.hashCode() : 0);
return result;
}