Spring Security Framework

org.springframework.security.concurrent
Class ConcurrentSessionControllerImpl

java.lang.Object
  extended by org.springframework.security.concurrent.ConcurrentSessionControllerImpl
All Implemented Interfaces:
InitializingBean, MessageSourceAware, ConcurrentSessionController

public class ConcurrentSessionControllerImpl
extends Object
implements ConcurrentSessionController, InitializingBean, MessageSourceAware

Base implementation of ConcurrentSessionController which prohibits simultaneous logins.

By default uses SessionRegistryImpl, although any SessionRegistry may be used.

Author:
Ben Alex

Field Summary
protected  MessageSourceAccessor messages
           
 
Constructor Summary
ConcurrentSessionControllerImpl()
           
 
Method Summary
 void afterPropertiesSet()
           
protected  void allowableSessionsExceeded(String sessionId, SessionInformation[] sessions, int allowableSessions, SessionRegistry registry)
          Allows subclasses to customise behaviour when too many sessions are detected.
 void checkAuthenticationAllowed(Authentication request)
          Called by any class that wishes to know whether the current authentication request should be permitted.
protected  int getMaximumSessionsForThisUser(Authentication authentication)
          Method intended for use by subclasses to override the maximum number of sessions that are permitted for a particular authentication.
 SessionRegistry getSessionRegistry()
           
 void registerSuccessfulAuthentication(Authentication authentication)
          Called by an AuthenticationManager when the authentication was successful.
 void setExceptionIfMaximumExceeded(boolean exceptionIfMaximumExceeded)
           
 void setMaximumSessions(int maximumSessions)
           
 void setMessageSource(MessageSource messageSource)
           
 void setSessionRegistry(SessionRegistry sessionRegistry)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

messages

protected MessageSourceAccessor messages

Constructor Detail

ConcurrentSessionControllerImpl

public ConcurrentSessionControllerImpl()

Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception
Specified by:
afterPropertiesSet in interface InitializingBean
Throws:
Exception

allowableSessionsExceeded

protected void allowableSessionsExceeded(String sessionId,
                                         SessionInformation[] sessions,
                                         int allowableSessions,
                                         SessionRegistry registry)
Allows subclasses to customise behaviour when too many sessions are detected.

Parameters:
sessionId - the session ID of the present request
sessions - either null or all unexpired sessions associated with the principal
allowableSessions - the maximum number of sessions permitted for the principal
registry - an instance of the SessionRegistry for subclass use
Throws:
ConcurrentLoginException

checkAuthenticationAllowed

public void checkAuthenticationAllowed(Authentication request)
                                throws AuthenticationException
Description copied from interface: ConcurrentSessionController
Called by any class that wishes to know whether the current authentication request should be permitted. Generally callers will be AuthenticationManagers before they authenticate, but could equally include Filters or other interceptors that wish to confirm the ongoing validity of a previously authenticated Authentication.

The implementation should throw a suitable exception if the user has exceeded their maximum allowed concurrent sessions.

Specified by:
checkAuthenticationAllowed in interface ConcurrentSessionController
Parameters:
request - the authentication request (never null)
Throws:
AuthenticationException - if the user has exceeded their maximum allowed concurrent sessions

getMaximumSessionsForThisUser

protected int getMaximumSessionsForThisUser(Authentication authentication)
Method intended for use by subclasses to override the maximum number of sessions that are permitted for a particular authentication. The default implementation simply returns the maximumSessions value for the bean.

Parameters:
authentication - to determine the maximum sessions for
Returns:
either -1 meaning unlimited, or a positive integer to limit (never zero)
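
The two protected extension points above (allowableSessionsExceeded and getMaximumSessionsForThisUser) can be combined in one subclass. The following is an added example, not code from the Spring Security project: the class name RoleAwareSessionController, the role ROLE_ADMIN and the logger name are hypothetical. It assumes the 2.0.x API, where Authentication.getAuthorities() returns a GrantedAuthority[], and that the Authentication passed in already carries the user's granted authorities.

```java
import java.util.logging.Logger;

import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
import org.springframework.security.concurrent.SessionInformation;
import org.springframework.security.concurrent.SessionRegistry;

/** Hypothetical subclass: a privileged role gets one session, everyone else the bean-wide limit. */
public class RoleAwareSessionController extends ConcurrentSessionControllerImpl {

    // Assumed logger name; route it to wherever authentication events are audited.
    private static final Logger AUDIT = Logger.getLogger("security.audit.sessions");

    private String restrictedRole = "ROLE_ADMIN"; // assumed role name

    public void setRestrictedRole(String restrictedRole) {
        this.restrictedRole = restrictedRole;
    }

    protected int getMaximumSessionsForThisUser(Authentication authentication) {
        GrantedAuthority[] authorities = authentication.getAuthorities();
        if (authorities != null) { // no authorities: fall through to the bean-wide limit
            for (int i = 0; i < authorities.length; i++) {
                if (restrictedRole.equals(authorities[i].getAuthority())) {
                    return 1; // contract: -1 (unlimited) or a positive integer, never zero
                }
            }
        }
        // Default implementation returns the maximumSessions value configured on the bean.
        return super.getMaximumSessionsForThisUser(authentication);
    }

    protected void allowableSessionsExceeded(String sessionId, SessionInformation[] sessions,
            int allowableSessions, SessionRegistry registry) {
        // sessions is documented as "either null or all unexpired sessions".
        int active = (sessions == null) ? 0 : sessions.length;
        Object principal = (active > 0) ? sessions[0].getPrincipal() : "unknown";
        // Strip CR/LF so a crafted principal name cannot forge extra log lines.
        String safePrincipal = String.valueOf(principal).replaceAll("[\\r\\n]", "_");
        // The session ID is deliberately not logged: it is a bearer credential.
        AUDIT.warning("Session limit " + allowableSessions + " exceeded: principal="
                + safePrincipal + " unexpiredSessions=" + active);
        // Keep the parent's enforcement; this override only adds the audit record.
        super.allowableSessionsExceeded(sessionId, sessions, allowableSessions, registry);
    }
}
```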

registerSuccessfulAuthentication

public void registerSuccessfulAuthentication(Authentication authentication)
Description copied from interface: ConcurrentSessionController
Called by an AuthenticationManager when the authentication was successful. An implementation is expected to register the authenticated user in some sort of registry, for future concurrent tracking via the ConcurrentSessionController.checkAuthenticationAllowed(Authentication) method.

Specified by:
registerSuccessfulAuthentication in interface ConcurrentSessionController
Parameters:
authentication - the successfully authenticated user (never null)

setExceptionIfMaximumExceeded

public void setExceptionIfMaximumExceeded(boolean exceptionIfMaximumExceeded)

setMaximumSessions

public void setMaximumSessions(int maximumSessions)

setMessageSource

public void setMessageSource(MessageSource messageSource)
Specified by:
setMessageSource in interface MessageSourceAware

setSessionRegistry

public void setSessionRegistry(SessionRegistry sessionRegistry)

getSessionRegistry

public SessionRegistry getSessionRegistry()

Copyright © 2004-2010 SpringSource, Inc. All Rights Reserved.