Class SessionManagementFilter
- java.lang.Object
  - org.springframework.web.filter.GenericFilterBean
    - org.springframework.security.web.session.SessionManagementFilter
- All Implemented Interfaces:
  javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class SessionManagementFilter extends org.springframework.web.filter.GenericFilterBean
Detects that a user has been authenticated since the start of the request and, if they have, calls the configured SessionAuthenticationStrategy to perform any session-related activity such as activating session-fixation protection mechanisms or checking for multiple concurrent logins.
- Since: 2.0

Constructor Summary
Constructors:
- SessionManagementFilter(SecurityContextRepository securityContextRepository)
- SessionManagementFilter(SecurityContextRepository securityContextRepository, SessionAuthenticationStrategy sessionStrategy)

Method Summary
- void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
- void setAuthenticationFailureHandler(AuthenticationFailureHandler failureHandler)
  The handler which will be invoked if the AuthenticatedSessionStrategy raises a SessionAuthenticationException, indicating that the user is not allowed to be authenticated for this session (typically because they already have too many sessions open).
- void setInvalidSessionStrategy(InvalidSessionStrategy invalidSessionStrategy)
  Sets the strategy which will be invoked instead of allowing the filter chain to proceed, if the user agent requests an invalid session ID.
- void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
  Sets the SecurityContextHolderStrategy to use.
- void setTrustResolver(AuthenticationTrustResolver trustResolver)
  Sets the AuthenticationTrustResolver to be used.

Constructor Detail

SessionManagementFilter
public SessionManagementFilter(SecurityContextRepository securityContextRepository)

SessionManagementFilter
public SessionManagementFilter(SecurityContextRepository securityContextRepository, SessionAuthenticationStrategy sessionStrategy)

Method Detail

doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
- Throws:
  java.io.IOException
  javax.servlet.ServletException

setInvalidSessionStrategy
public void setInvalidSessionStrategy(InvalidSessionStrategy invalidSessionStrategy)
Sets the strategy which will be invoked instead of allowing the filter chain to proceed, if the user agent requests an invalid session ID. If the property is not set, no action will be taken.
- Parameters:
  invalidSessionStrategy - the strategy to invoke. Typically a SimpleRedirectInvalidSessionStrategy.

setAuthenticationFailureHandler
public void setAuthenticationFailureHandler(AuthenticationFailureHandler failureHandler)
The handler which will be invoked if the AuthenticatedSessionStrategy raises a SessionAuthenticationException, indicating that the user is not allowed to be authenticated for this session (typically because they already have too many sessions open).

setTrustResolver
public void setTrustResolver(AuthenticationTrustResolver trustResolver)
Sets the AuthenticationTrustResolver to be used. The default is AuthenticationTrustResolverImpl.
- Parameters:
  trustResolver - the AuthenticationTrustResolver to use. Cannot be null.

setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.
- Since: 5.8
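
An added example (not part of the Spring Security Javadoc) showing one way to wire the filter so that the session-fixation and concurrent-login behaviour described above is active. The class name, the two URLs and the one-session limit are assumptions chosen for illustration.

```java
import java.util.Arrays;

import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy;
import org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.session.SessionManagementFilter;
import org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy;

// Added example, not Spring Security's own code. Class name and URLs are hypothetical.
public class SessionManagementFilterExample {

    public static SessionManagementFilter build(SessionRegistry registry) {
        // Concurrent-login check. With exceptionIfMaximumExceeded=true the new login
        // is rejected with a SessionAuthenticationException; with the default (false)
        // the user's least recently used session is expired instead.
        ConcurrentSessionControlAuthenticationStrategy concurrency =
                new ConcurrentSessionControlAuthenticationStrategy(registry);
        concurrency.setMaximumSessions(1);
        concurrency.setExceptionIfMaximumExceeded(true);

        // Order matters: enforce the limit, then rotate the session ID
        // (session-fixation protection), then register the session under its new ID.
        SessionAuthenticationStrategy strategy = new CompositeSessionAuthenticationStrategy(
                Arrays.asList(
                        concurrency,
                        new ChangeSessionIdAuthenticationStrategy(),
                        new RegisterSessionAuthenticationStrategy(registry)));

        SessionManagementFilter filter = new SessionManagementFilter(
                new HttpSessionSecurityContextRepository(), strategy);

        // Unset by default, in which case a request carrying an invalid
        // session ID simply continues down the filter chain.
        filter.setInvalidSessionStrategy(
                new SimpleRedirectInvalidSessionStrategy("/session-expired"));

        // Receives the SessionAuthenticationException raised by the strategy above.
        filter.setAuthenticationFailureHandler(
                new SimpleUrlAuthenticationFailureHandler("/login?error=max-sessions"));
        return filter;
    }
}
```

The SessionRegistry only learns that a session has ended if HttpSessionEventPublisher is registered as a servlet listener; without it, logged-out users keep counting toward the limit.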