org.springframework.security.web.session
Class ConcurrentSessionFilter

java.lang.Object
  extended by org.springframework.web.filter.GenericFilterBean
      extended by org.springframework.security.web.session.ConcurrentSessionFilter
All Implemented Interfaces:
javax.servlet.Filter, BeanNameAware, DisposableBean, InitializingBean, ServletContextAware

public class ConcurrentSessionFilter
extends GenericFilterBean

Filter required by concurrent session handling package.

This filter performs two functions. First, it calls SessionRegistry.refreshLastRequest(String) for each request so that registered sessions always have a correct "last update" date/time. Second, it retrieves a SessionInformation from the SessionRegistry for each request and checks if the session has been marked as expired. If it has been marked as expired, the configured logout handlers will be called (as happens with LogoutFilter), typically to invalidate the session. A redirect to the expiredURL specified will be performed, and the session invalidation will cause an HttpSessionDestroyedEvent to be published via the HttpSessionEventPublisher registered in web.xml.


Field Summary
 
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
 
Constructor Summary
ConcurrentSessionFilter()
          Deprecated. Use constructor which injects the SessionRegistry.
ConcurrentSessionFilter(SessionRegistry sessionRegistry)
           
ConcurrentSessionFilter(SessionRegistry sessionRegistry, String expiredUrl)
           
 
Method Summary
 void afterPropertiesSet()
           
protected  String determineExpiredUrl(javax.servlet.http.HttpServletRequest request, SessionInformation info)
           
 void doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain)
           
 void setExpiredUrl(String expiredUrl)
          Deprecated. use constructor injection instead
 void setLogoutHandlers(LogoutHandler[] handlers)
           
 void setRedirectStrategy(RedirectStrategy redirectStrategy)
           
 void setSessionRegistry(SessionRegistry sessionRegistry)
          Deprecated. use constructor injection instead
 
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setServletContext
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ConcurrentSessionFilter

public ConcurrentSessionFilter()
Deprecated. Use constructor which injects the SessionRegistry.


ConcurrentSessionFilter

public ConcurrentSessionFilter(SessionRegistry sessionRegistry)

ConcurrentSessionFilter

public ConcurrentSessionFilter(SessionRegistry sessionRegistry,
                               String expiredUrl)
Method Detail

afterPropertiesSet

public void afterPropertiesSet()
Specified by:
afterPropertiesSet in interface InitializingBean
Overrides:
afterPropertiesSet in class GenericFilterBean

doFilter

public void doFilter(javax.servlet.ServletRequest req,
                     javax.servlet.ServletResponse res,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException
Throws:
IOException
javax.servlet.ServletException

determineExpiredUrl

protected String determineExpiredUrl(javax.servlet.http.HttpServletRequest request,
                                     SessionInformation info)

setExpiredUrl

@Deprecated
public void setExpiredUrl(String expiredUrl)
Deprecated. use constructor injection instead


setSessionRegistry

@Deprecated
public void setSessionRegistry(SessionRegistry sessionRegistry)
Deprecated. use constructor injection instead


setLogoutHandlers

public void setLogoutHandlers(LogoutHandler[] handlers)

setRedirectStrategy

public void setRedirectStrategy(RedirectStrategy redirectStrategy)