public class SessionManagementFilter
extends org.springframework.web.filter.GenericFilterBean
SessionAuthenticationStrategy
to perform any
session-related activity such as activating session-fixation protection mechanisms or
checking for multiple concurrent logins.Constructor and Description |
---|
SessionManagementFilter(SecurityContextRepository securityContextRepository) |
SessionManagementFilter(SecurityContextRepository securityContextRepository,
SessionAuthenticationStrategy sessionStrategy) |
Modifier and Type | Method and Description |
---|---|
void |
doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain) |
void |
setAuthenticationFailureHandler(AuthenticationFailureHandler failureHandler)
The handler which will be invoked if the AuthenticatedSessionStrategy
raises a SessionAuthenticationException, indicating that the user is not
allowed to be authenticated for this session (typically because they already have
too many sessions open).
|
void |
setInvalidSessionStrategy(InvalidSessionStrategy invalidSessionStrategy)
Sets the strategy which will be invoked instead of allowing the filter chain to
proceed, if the user agent requests an invalid session ID.
|
void |
setTrustResolver(AuthenticationTrustResolver trustResolver)
Sets the
AuthenticationTrustResolver to be used. |
public SessionManagementFilter(SecurityContextRepository securityContextRepository)
public SessionManagementFilter(SecurityContextRepository securityContextRepository, SessionAuthenticationStrategy sessionStrategy)
public void doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
java.io.IOException
javax.servlet.ServletException
public void setInvalidSessionStrategy(InvalidSessionStrategy invalidSessionStrategy)
invalidSessionStrategy
- the strategy to invoke. Typically a
SimpleRedirectInvalidSessionStrategy
.public void setAuthenticationFailureHandler(AuthenticationFailureHandler failureHandler)
public void setTrustResolver(AuthenticationTrustResolver trustResolver)
AuthenticationTrustResolver
to be used. The default is
AuthenticationTrustResolverImpl
.trustResolver
- the AuthenticationTrustResolver
to use. Cannot be
null.