org.springframework.security.web.session
Class SessionManagementFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.session.SessionManagementFilter
- All Implemented Interfaces:
- Filter, BeanNameAware, DisposableBean, InitializingBean, ServletContextAware
public class SessionManagementFilter
- extends GenericFilterBean
Detects that a user has been authenticated since the start of the request and, if they have, calls the
configured SessionAuthenticationStrategy
to perform any session-related activity such as
activating session-fixation protection mechanisms or checking for multiple concurrent logins.
- Since:
- 2.0
- Version:
- $Id: SessionManagementFilter.java 3921 2009-10-05 16:40:32Z ltaylor $
- Author:
- Martin Algesten, Luke Taylor
Methods inherited from class org.springframework.web.filter.GenericFilterBean |
addRequiredProperty, afterPropertiesSet, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setServletContext |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
SessionManagementFilter
public SessionManagementFilter(SecurityContextRepository securityContextRepository)
doFilter
public void doFilter(ServletRequest req,
ServletResponse res,
FilterChain chain)
throws IOException,
ServletException
- Throws:
IOException
ServletException
setSessionAuthenticationStrategy
public void setSessionAuthenticationStrategy(SessionAuthenticationStrategy sessionStrategy)
- Sets the strategy object which handles the session management behaviour when a
user has been authenticated during the current request.
- Parameters:
sessionStrategy
- the strategy object. If not set, a SessionFixationProtectionStrategy
is used.
setInvalidSessionUrl
public void setInvalidSessionUrl(String invalidSessionUrl)
- Sets the URL to which the response should be redirected if the user agent requests an invalid session Id.
If the property is not set, no action will be taken.
- Parameters:
invalidSessionUrl
-
setAuthenticationFailureHandler
public void setAuthenticationFailureHandler(AuthenticationFailureHandler failureHandler)
- The handler which will be invoked if the AuthenticatedSessionStrategy raises a
SessionAuthenticationException, indicating that the user is not allowed to be authenticated for this
session (typically because they already have too many sessions open).
setRedirectStrategy
public void setRedirectStrategy(RedirectStrategy redirectStrategy)
Copyright © 2004-2009 SpringSource, Inc. All Rights Reserved.