org.springframework.security.concurrent
Interface ConcurrentSessionController

All Known Implementing Classes:

ConcurrentSessionControllerImpl, NullConcurrentSessionController

public interface ConcurrentSessionController

Provides two methods that can be called by an AuthenticationManager to integrate with the concurrent session handling infrastructure.

Version:

$Id$

Author:

Ben Alex

Method Summary

void	checkAuthenticationAllowed(Authentication request) Called by any class that wishes to know whether the current authentication request should be permitted.
void	registerSuccessfulAuthentication(Authentication authentication) Called by an AuthenticationManager when the authentication was successful.

Method Detail

checkAuthenticationAllowed

void checkAuthenticationAllowed(Authentication request)
                                throws AuthenticationException

Called by any class that wishes to know whether the current authentication request should be permitted. Generally callers will be AuthenticationManagers before they authenticate, but could equally include Filters or other interceptors that wish to confirm the ongoing validity of a previously authenticated Authentication.

The implementation should throw a suitable exception if the user has exceeded their maximum allowed concurrent sessions.

Parameters:

request - the authentication request (never null)

Throws:

AuthenticationException - if the user has exceeded their maximum allowed current sessions

registerSuccessfulAuthentication

void registerSuccessfulAuthentication(Authentication authentication)

Called by an AuthenticationManager when the authentication was successful. An implementation is expected to register the authenticated user in some sort of registry, for future concurrent tracking via the checkAuthenticationAllowed(Authentication) method.

Parameters:

authentication - the successfully authenticated user (never null)