Package org.springframework.security.config.web.server

Class ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec

java.lang.Object

org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec

Enclosing class:

ServerHttpSecurity.SessionManagementSpec

public class ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec
extends Object

Configures how many sessions are allowed for a given user.

Constructor Summary

Constructors

Constructor	Description
ConcurrentSessionsSpec()

Method Summary

Modifier and Type	Method	Description
ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec	maximumSessions(SessionLimit sessionLimit)	Sets the maximum number of sessions allowed for any user.
ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec	maximumSessionsExceededHandler(ServerMaximumSessionsExceededHandler maximumSessionsExceededHandler)	Sets the ServerMaximumSessionsExceededHandler to use when the maximum number of sessions is exceeded.
ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec	sessionRegistry(ReactiveSessionRegistry reactiveSessionRegistry)	Sets the ReactiveSessionRegistry to use.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ConcurrentSessionsSpec

public ConcurrentSessionsSpec()

Method Details

sessionRegistry

public ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec sessionRegistry(ReactiveSessionRegistry reactiveSessionRegistry)

Sets the ReactiveSessionRegistry to use.

Parameters:

reactiveSessionRegistry - the ReactiveSessionRegistry to use

Returns:

the ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec to continue customizing

maximumSessions

public ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec maximumSessions(SessionLimit sessionLimit)

Sets the maximum number of sessions allowed for any user. You can use SessionLimit.of(int) to specify a positive integer or SessionLimit.UNLIMITED to allow unlimited sessions. To customize the maximum number of sessions on a per-user basis, you can provide a custom SessionLimit implementation, like so:

     http
         .sessionManagement((sessions) -> sessions
             .concurrentSessions((concurrency) -> concurrency
                 .maximumSessions((authentication) -> {
                     if (authentication.getName().equals("admin")) {
                         return Mono.empty() // unlimited sessions for admin
                     }
                     return Mono.just(1); // one session for every other user
                 })
             )
         )
 

Parameters:

sessionLimit - the maximum number of sessions allowed for any user

Returns:

the ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec to continue customizing

maximumSessionsExceededHandler

public ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec maximumSessionsExceededHandler(ServerMaximumSessionsExceededHandler maximumSessionsExceededHandler)

Sets the ServerMaximumSessionsExceededHandler to use when the maximum number of sessions is exceeded.

Parameters:

maximumSessionsExceededHandler - the ServerMaximumSessionsExceededHandler to use

Returns:

the ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec to continue customizing