public class ConcurrentSessionFilter extends GenericFilterBean
This filter performs two functions. First, it calls
SessionRegistry.refreshLastRequest(String)
for each request
so that registered sessions always have a correct "last update" date/time. Second, it retrieves a
SessionInformation
from the SessionRegistry
for each request and checks if the session has been marked as expired.
If it has been marked as expired, the configured logout handlers will be called (as happens with
LogoutFilter
), typically to invalidate the session.
A redirect to the expiredURL specified will be performed, and the session invalidation will cause an
HttpSessionDestroyedEvent
to be published via the
HttpSessionEventPublisher
registered in web.xml
.
logger
Constructor and Description |
---|
ConcurrentSessionFilter()
Deprecated.
Use constructor which injects the SessionRegistry.
|
ConcurrentSessionFilter(SessionRegistry sessionRegistry) |
ConcurrentSessionFilter(SessionRegistry sessionRegistry,
String expiredUrl) |
Modifier and Type | Method and Description |
---|---|
void |
afterPropertiesSet() |
protected String |
determineExpiredUrl(javax.servlet.http.HttpServletRequest request,
SessionInformation info) |
void |
doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain) |
void |
setExpiredUrl(String expiredUrl)
Deprecated.
use constructor injection instead
|
void |
setLogoutHandlers(LogoutHandler[] handlers) |
void |
setRedirectStrategy(RedirectStrategy redirectStrategy) |
void |
setSessionRegistry(SessionRegistry sessionRegistry)
Deprecated.
use constructor injection instead
|
addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setServletContext
public ConcurrentSessionFilter()
public ConcurrentSessionFilter(SessionRegistry sessionRegistry)
public ConcurrentSessionFilter(SessionRegistry sessionRegistry, String expiredUrl)
public void afterPropertiesSet()
afterPropertiesSet
in interface InitializingBean
afterPropertiesSet
in class GenericFilterBean
public void doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
IOException
javax.servlet.ServletException
protected String determineExpiredUrl(javax.servlet.http.HttpServletRequest request, SessionInformation info)
@Deprecated public void setExpiredUrl(String expiredUrl)
@Deprecated public void setSessionRegistry(SessionRegistry sessionRegistry)
public void setLogoutHandlers(LogoutHandler[] handlers)
public void setRedirectStrategy(RedirectStrategy redirectStrategy)