Class ConcurrentSessionControlServerAuthenticationSuccessHandler
java.lang.Object
org.springframework.security.web.server.authentication.ConcurrentSessionControlServerAuthenticationSuccessHandler
- All Implemented Interfaces:
ServerAuthenticationSuccessHandler
public final class ConcurrentSessionControlServerAuthenticationSuccessHandler
extends Object
implements ServerAuthenticationSuccessHandler
Controls the number of sessions a user can have concurrently authenticated in an
application. It also allows for customizing behaviour when an authentication attempt is
made while the user already has the maximum number of sessions open. By default, it
allows a maximum of 1 session per user, if the maximum is exceeded, the user's least
recently used session(s) will be expired.
- Since:
- 6.3
- See Also:
-
Constructor Summary
ConstructorDescription -
Method Summary
Modifier and TypeMethodDescriptionreactor.core.publisher.Mono<Void>
onAuthenticationSuccess
(WebFilterExchange exchange, Authentication authentication) Invoked when the application authenticates successfullyvoid
setMaximumSessionsExceededHandler
(ServerMaximumSessionsExceededHandler maximumSessionsExceededHandler) Sets theServerMaximumSessionsExceededHandler
to use.void
setSessionLimit
(SessionLimit sessionLimit) Sets the strategy used to resolve the maximum number of sessions that are allowed for a specificAuthentication
.
-
Constructor Details
-
ConcurrentSessionControlServerAuthenticationSuccessHandler
public ConcurrentSessionControlServerAuthenticationSuccessHandler(ReactiveSessionRegistry sessionRegistry)
-
-
Method Details
-
onAuthenticationSuccess
public reactor.core.publisher.Mono<Void> onAuthenticationSuccess(WebFilterExchange exchange, Authentication authentication) Description copied from interface:ServerAuthenticationSuccessHandler
Invoked when the application authenticates successfully- Specified by:
onAuthenticationSuccess
in interfaceServerAuthenticationSuccessHandler
- Parameters:
exchange
- the exchangeauthentication
- theAuthentication
- Returns:
- a completion notification (success or error)
-
setSessionLimit
Sets the strategy used to resolve the maximum number of sessions that are allowed for a specificAuthentication
. By default, it returns1
for any authentication.- Parameters:
sessionLimit
- theSessionLimit
to use
-
setMaximumSessionsExceededHandler
public void setMaximumSessionsExceededHandler(ServerMaximumSessionsExceededHandler maximumSessionsExceededHandler) Sets theServerMaximumSessionsExceededHandler
to use. The default isInvalidateLeastUsedServerMaximumSessionsExceededHandler
.- Parameters:
maximumSessionsExceededHandler
- theServerMaximumSessionsExceededHandler
to use
-