SessionManagementConfigurer.ConcurrencyControlConfigurer (Spring Security 3.2.0.RC1 API)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.config.annotation.web.configurers
Class SessionManagementConfigurer.ConcurrencyControlConfigurer

java.lang.Object
  org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer

Enclosing class:: SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>

public final class SessionManagementConfigurer.ConcurrencyControlConfigurer
extends Object
extends Object

Allows configuring controlling of multiple sessions.

Method Summary
`SessionManagementConfigurer<H>`	`and()` Used to chain back to the `SessionManagementConfigurer`
`SessionManagementConfigurer.ConcurrencyControlConfigurer`	`expiredUrl(String expiredUrl)` The URL to redirect to if a user tries to access a resource and their session has been expired due to too many sessions for the current user.
`SessionManagementConfigurer.ConcurrencyControlConfigurer`	`maxSessionsPreventsLogin(boolean maxSessionsPreventsLogin)` If true, prevents a user from authenticating when the `SessionManagementConfigurer.maximumSessions(int)` has been reached.
`SessionManagementConfigurer.ConcurrencyControlConfigurer`	`sessionRegistry(SessionRegistry sessionRegistry)` Controls the `SessionRegistry` implementation used.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Method Detail

expiredUrl

public SessionManagementConfigurer.ConcurrencyControlConfigurer expiredUrl(String expiredUrl)

The URL to redirect to if a user tries to access a resource and their session has been expired due to too many sessions for the current user. The default is to write a simple error message to the response.

Parameters:: expiredUrl - the URL to redirect to
Returns:: the SessionManagementConfigurer.ConcurrencyControlConfigurer for further customizations

maxSessionsPreventsLogin

public SessionManagementConfigurer.ConcurrencyControlConfigurer maxSessionsPreventsLogin(boolean maxSessionsPreventsLogin)

If true, prevents a user from authenticating when the SessionManagementConfigurer.maximumSessions(int) has been reached. Otherwise (default), the user who authenticates is allowed access and an existing user's session is expired. The user's who's session is forcibly expired is sent to expiredUrl(String). The advantage of this approach is if a user accidentally does not log out, there is no need for an administrator to intervene or wait till their session expires.

Parameters:: maxSessionsPreventsLogin - true to have an error at time of authentication, else false (default)
Returns:: the SessionManagementConfigurer.ConcurrencyControlConfigurer for further customizations

sessionRegistry

public SessionManagementConfigurer.ConcurrencyControlConfigurer sessionRegistry(SessionRegistry sessionRegistry)

Controls the SessionRegistry implementation used. The default is SessionRegistryImpl which is an in memory implementation.

Parameters:: sessionRegistry - the SessionRegistry to use
Returns:: the SessionManagementConfigurer.ConcurrencyControlConfigurer for further customizations

and

public SessionManagementConfigurer<H> and()

Used to chain back to the SessionManagementConfigurer

Returns:: the SessionManagementConfigurer for further customizations