Class SessionManagementConfigurer.ConcurrencyControlConfigurer
- java.lang.Object
-
- org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer
-
- Enclosing class:
- SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
public final class SessionManagementConfigurer.ConcurrencyControlConfigurer extends java.lang.Object
Allows configuring controlling of multiple sessions.
-
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description SessionManagementConfigurer<H>
and()
Used to chain back to theSessionManagementConfigurer
SessionManagementConfigurer.ConcurrencyControlConfigurer
expiredSessionStrategy(SessionInformationExpiredStrategy expiredSessionStrategy)
Determines the behaviour when an expired session is detected.SessionManagementConfigurer.ConcurrencyControlConfigurer
expiredUrl(java.lang.String expiredUrl)
The URL to redirect to if a user tries to access a resource and their session has been expired due to too many sessions for the current user.SessionManagementConfigurer.ConcurrencyControlConfigurer
maximumSessions(int maximumSessions)
Controls the maximum number of sessions for a user.SessionManagementConfigurer.ConcurrencyControlConfigurer
maxSessionsPreventsLogin(boolean maxSessionsPreventsLogin)
If true, prevents a user from authenticating when themaximumSessions(int)
has been reached.SessionManagementConfigurer.ConcurrencyControlConfigurer
sessionRegistry(SessionRegistry sessionRegistry)
Controls theSessionRegistry
implementation used.
-
-
-
Method Detail
-
maximumSessions
public SessionManagementConfigurer.ConcurrencyControlConfigurer maximumSessions(int maximumSessions)
Controls the maximum number of sessions for a user. The default is to allow any number of users.- Parameters:
maximumSessions
- the maximum number of sessions for a user- Returns:
- the
SessionManagementConfigurer.ConcurrencyControlConfigurer
for further customizations
-
expiredUrl
public SessionManagementConfigurer.ConcurrencyControlConfigurer expiredUrl(java.lang.String expiredUrl)
The URL to redirect to if a user tries to access a resource and their session has been expired due to too many sessions for the current user. The default is to write a simple error message to the response.- Parameters:
expiredUrl
- the URL to redirect to- Returns:
- the
SessionManagementConfigurer.ConcurrencyControlConfigurer
for further customizations
-
expiredSessionStrategy
public SessionManagementConfigurer.ConcurrencyControlConfigurer expiredSessionStrategy(SessionInformationExpiredStrategy expiredSessionStrategy)
Determines the behaviour when an expired session is detected.- Parameters:
expiredSessionStrategy
- theSessionInformationExpiredStrategy
to use when an expired session is detected.- Returns:
- the
SessionManagementConfigurer.ConcurrencyControlConfigurer
for further customizations
-
maxSessionsPreventsLogin
public SessionManagementConfigurer.ConcurrencyControlConfigurer maxSessionsPreventsLogin(boolean maxSessionsPreventsLogin)
If true, prevents a user from authenticating when themaximumSessions(int)
has been reached. Otherwise (default), the user who authenticates is allowed access and an existing user's session is expired. The user's who's session is forcibly expired is sent toexpiredUrl(String)
. The advantage of this approach is if a user accidentally does not log out, there is no need for an administrator to intervene or wait till their session expires.- Parameters:
maxSessionsPreventsLogin
- true to have an error at time of authentication, else false (default)- Returns:
- the
SessionManagementConfigurer.ConcurrencyControlConfigurer
for further customizations
-
sessionRegistry
public SessionManagementConfigurer.ConcurrencyControlConfigurer sessionRegistry(SessionRegistry sessionRegistry)
Controls theSessionRegistry
implementation used. The default isSessionRegistryImpl
which is an in memory implementation.- Parameters:
sessionRegistry
- theSessionRegistry
to use- Returns:
- the
SessionManagementConfigurer.ConcurrencyControlConfigurer
for further customizations
-
and
public SessionManagementConfigurer<H> and()
Used to chain back to theSessionManagementConfigurer
- Returns:
- the
SessionManagementConfigurer
for further customizations
-
-