org.springframework.security.web.session
Class ConcurrentSessionFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.session.ConcurrentSessionFilter
- All Implemented Interfaces:
- javax.servlet.Filter, BeanNameAware, DisposableBean, InitializingBean, ServletContextAware
public class ConcurrentSessionFilter
- extends GenericFilterBean
Filter required by concurrent session handling package.
This filter performs two functions. First, it calls
SessionRegistry.refreshLastRequest(String)
for each request
so that registered sessions always have a correct "last update" date/time. Second, it retrieves a
SessionInformation
from the SessionRegistry
for each request and checks if the session has been marked as expired.
If it has been marked as expired, the configured logout handlers will be called (as happens with
LogoutFilter
), typically to invalidate the session.
A redirect to the expiredURL specified will be performed, and the session invalidation will cause an
HttpSessionDestroyedEvent
to be published via the
HttpSessionEventPublisher
registered in web.xml
.
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
ConcurrentSessionFilter
public ConcurrentSessionFilter()
- Deprecated. Use constructor which injects the SessionRegistry.
ConcurrentSessionFilter
public ConcurrentSessionFilter(SessionRegistry sessionRegistry)
ConcurrentSessionFilter
public ConcurrentSessionFilter(SessionRegistry sessionRegistry,
String expiredUrl)
afterPropertiesSet
public void afterPropertiesSet()
- Specified by:
afterPropertiesSet
in interface InitializingBean
- Overrides:
afterPropertiesSet
in class GenericFilterBean
doFilter
public void doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException
- Throws:
IOException
javax.servlet.ServletException
determineExpiredUrl
protected String determineExpiredUrl(javax.servlet.http.HttpServletRequest request,
SessionInformation info)
setExpiredUrl
@Deprecated
public void setExpiredUrl(String expiredUrl)
- Deprecated. use constructor injection instead
setSessionRegistry
@Deprecated
public void setSessionRegistry(SessionRegistry sessionRegistry)
- Deprecated. use constructor injection instead
setLogoutHandlers
public void setLogoutHandlers(LogoutHandler[] handlers)
setRedirectStrategy
public void setRedirectStrategy(RedirectStrategy redirectStrategy)