public final class SessionManagementConfigurer.ConcurrencyControlConfigurer
extends java.lang.Object
Modifier and Type | Method and Description |
---|---|
SessionManagementConfigurer<H> |
and()
Used to chain back to the
SessionManagementConfigurer |
SessionManagementConfigurer.ConcurrencyControlConfigurer |
expiredSessionStrategy(SessionInformationExpiredStrategy expiredSessionStrategy)
Determines the behaviour when an expired session is detected.
|
SessionManagementConfigurer.ConcurrencyControlConfigurer |
expiredUrl(java.lang.String expiredUrl)
The URL to redirect to if a user tries to access a resource and their session
has been expired due to too many sessions for the current user.
|
SessionManagementConfigurer.ConcurrencyControlConfigurer |
maximumSessions(int maximumSessions)
Controls the maximum number of sessions for a user.
|
SessionManagementConfigurer.ConcurrencyControlConfigurer |
maxSessionsPreventsLogin(boolean maxSessionsPreventsLogin)
If true, prevents a user from authenticating when the
maximumSessions(int) has been reached. |
SessionManagementConfigurer.ConcurrencyControlConfigurer |
sessionRegistry(SessionRegistry sessionRegistry)
Controls the
SessionRegistry implementation used. |
public SessionManagementConfigurer.ConcurrencyControlConfigurer maximumSessions(int maximumSessions)
maximumSessions
- the maximum number of sessions for a userSessionManagementConfigurer.ConcurrencyControlConfigurer
for further customizationspublic SessionManagementConfigurer.ConcurrencyControlConfigurer expiredUrl(java.lang.String expiredUrl)
expiredUrl
- the URL to redirect toSessionManagementConfigurer.ConcurrencyControlConfigurer
for further customizationspublic SessionManagementConfigurer.ConcurrencyControlConfigurer expiredSessionStrategy(SessionInformationExpiredStrategy expiredSessionStrategy)
expiredSessionStrategy
- the SessionInformationExpiredStrategy
to
use when an expired session is detected.SessionManagementConfigurer.ConcurrencyControlConfigurer
for further customizationspublic SessionManagementConfigurer.ConcurrencyControlConfigurer maxSessionsPreventsLogin(boolean maxSessionsPreventsLogin)
maximumSessions(int)
has been reached. Otherwise (default), the user
who authenticates is allowed access and an existing user's session is expired.
The user's who's session is forcibly expired is sent to
expiredUrl(String)
. The advantage of this approach is if a user
accidentally does not log out, there is no need for an administrator to
intervene or wait till their session expires.maxSessionsPreventsLogin
- true to have an error at time of
authentication, else false (default)SessionManagementConfigurer.ConcurrencyControlConfigurer
for further customizationspublic SessionManagementConfigurer.ConcurrencyControlConfigurer sessionRegistry(SessionRegistry sessionRegistry)
SessionRegistry
implementation used. The default is
SessionRegistryImpl
which is an in memory implementation.sessionRegistry
- the SessionRegistry
to useSessionManagementConfigurer.ConcurrencyControlConfigurer
for further customizationspublic SessionManagementConfigurer<H> and()
SessionManagementConfigurer
SessionManagementConfigurer
for further customizations