public class ConcurrentSessionFilter
extends org.springframework.web.filter.GenericFilterBean
This filter performs two functions. First, it calls
SessionRegistry.refreshLastRequest(String)
for each request so that registered sessions always have a correct "last update"
date/time. Second, it retrieves a
SessionInformation
from the
SessionRegistry
for each request and checks if the session has been marked
as expired. If it has been marked as expired, the configured logout handlers will be
called (as happens with
LogoutFilter
), typically
to invalidate the session. To handle the expired session a call to the
SessionInformationExpiredStrategy
is made. The session invalidation will cause
an HttpSessionDestroyedEvent
to be
published via the
HttpSessionEventPublisher
registered
in web.xml
.
Constructor and Description |
---|
ConcurrentSessionFilter(SessionRegistry sessionRegistry) |
ConcurrentSessionFilter(SessionRegistry sessionRegistry,
SessionInformationExpiredStrategy sessionInformationExpiredStrategy) |
ConcurrentSessionFilter(SessionRegistry sessionRegistry,
java.lang.String expiredUrl)
Deprecated.
|
Modifier and Type | Method and Description |
---|---|
void |
afterPropertiesSet() |
protected java.lang.String |
determineExpiredUrl(javax.servlet.http.HttpServletRequest request,
SessionInformation info)
Deprecated.
|
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain) |
void |
setLogoutHandlers(java.util.List<LogoutHandler> handlers)
Set list of
LogoutHandler |
void |
setLogoutHandlers(LogoutHandler[] handlers) |
void |
setRedirectStrategy(RedirectStrategy redirectStrategy)
Deprecated.
|
public ConcurrentSessionFilter(SessionRegistry sessionRegistry)
@Deprecated public ConcurrentSessionFilter(SessionRegistry sessionRegistry, java.lang.String expiredUrl)
ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy)
with SimpleRedirectSessionInformationExpiredStrategy
instead.sessionRegistry
- the SessionRegistry to useexpiredUrl
- the URL to redirect topublic ConcurrentSessionFilter(SessionRegistry sessionRegistry, SessionInformationExpiredStrategy sessionInformationExpiredStrategy)
public void afterPropertiesSet()
afterPropertiesSet
in interface org.springframework.beans.factory.InitializingBean
afterPropertiesSet
in class org.springframework.web.filter.GenericFilterBean
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
java.io.IOException
javax.servlet.ServletException
@Deprecated protected java.lang.String determineExpiredUrl(javax.servlet.http.HttpServletRequest request, SessionInformation info)
ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy)
instead.request
- the HttpServletRequestinfo
- the SessionInformation
public void setLogoutHandlers(LogoutHandler[] handlers)
public void setLogoutHandlers(java.util.List<LogoutHandler> handlers)
LogoutHandler
handlers
- list of LogoutHandler
@Deprecated public void setRedirectStrategy(RedirectStrategy redirectStrategy)
ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy)
instead.RedirectStrategy
used with
ConcurrentSessionFilter(SessionRegistry, String)
redirectStrategy
- the RedirectStrategy
to use