org.springframework.security.web.session

Class ConcurrentSessionFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.security.web.session.ConcurrentSessionFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class ConcurrentSessionFilter
extends org.springframework.web.filter.GenericFilterBean

Filter required by concurrent session handling package.

This filter performs two functions. First, it calls SessionRegistry.refreshLastRequest(String) for each request so that registered sessions always have a correct "last update" date/time. Second, it retrieves a SessionInformation from the SessionRegistry for each request and checks if the session has been marked as expired. If it has been marked as expired, the configured logout handlers will be called (as happens with LogoutFilter), typically to invalidate the session. A redirect to the expiredURL specified will be performed, and the session invalidation will cause an HttpSessionDestroyedEvent to be published via the HttpSessionEventPublisher registered in web.xml.

Field Summary

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor and Description
ConcurrentSessionFilter(SessionRegistry sessionRegistry)
ConcurrentSessionFilter(SessionRegistry sessionRegistry, java.lang.String expiredUrl)

Method Summary

Modifier and Type	Method and Description
void	afterPropertiesSet()
protected java.lang.String	determineExpiredUrl(javax.servlet.http.HttpServletRequest request, SessionInformation info)
void	doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain)
void	setLogoutHandlers(LogoutHandler[] handlers)
void	setRedirectStrategy(RedirectStrategy redirectStrategy)

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ConcurrentSessionFilter

public ConcurrentSessionFilter(SessionRegistry sessionRegistry)

ConcurrentSessionFilter

public ConcurrentSessionFilter(SessionRegistry sessionRegistry,
                               java.lang.String expiredUrl)

Method Detail

afterPropertiesSet

public void afterPropertiesSet()

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Overrides:

afterPropertiesSet in class org.springframework.web.filter.GenericFilterBean

doFilter

public void doFilter(javax.servlet.ServletRequest req,
                     javax.servlet.ServletResponse res,
                     javax.servlet.FilterChain chain)
              throws java.io.IOException,
                     javax.servlet.ServletException

Throws:

java.io.IOException

javax.servlet.ServletException

determineExpiredUrl

protected java.lang.String determineExpiredUrl(javax.servlet.http.HttpServletRequest request,
                                               SessionInformation info)

setLogoutHandlers

public void setLogoutHandlers(LogoutHandler[] handlers)

setRedirectStrategy

public void setRedirectStrategy(RedirectStrategy redirectStrategy)