Class ConcurrentSessionFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.session.ConcurrentSessionFilter
- All Implemented Interfaces:
jakarta.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
public class ConcurrentSessionFilter
extends org.springframework.web.filter.GenericFilterBean
Filter required by concurrent session handling package.
This filter performs two functions. First, it calls
SessionRegistry.refreshLastRequest(String)
for each request so that registered sessions always have a correct "last update"
date/time. Second, it retrieves a
SessionInformation
from the
SessionRegistry
for each request and checks if the session has been marked
as expired. If it has been marked as expired, the configured logout handlers will be
called (as happens with
LogoutFilter
), typically
to invalidate the session. To handle the expired session a call to the
SessionInformationExpiredStrategy
is made. The session invalidation will cause
an HttpSessionDestroyedEvent
to be
published via the
HttpSessionEventPublisher
registered
in web.xml
.
-
Field Summary
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
-
Constructor Summary
ConstructorDescriptionConcurrentSessionFilter
(SessionRegistry sessionRegistry) ConcurrentSessionFilter
(SessionRegistry sessionRegistry, String expiredUrl) Deprecated.ConcurrentSessionFilter
(SessionRegistry sessionRegistry, SessionInformationExpiredStrategy sessionInformationExpiredStrategy) -
Method Summary
Modifier and TypeMethodDescriptionvoid
protected String
determineExpiredUrl
(jakarta.servlet.http.HttpServletRequest request, SessionInformation info) Deprecated.void
doFilter
(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) void
setLogoutHandlers
(List<LogoutHandler> handlers) Set list ofLogoutHandler
void
setLogoutHandlers
(LogoutHandler[] handlers) void
setRedirectStrategy
(RedirectStrategy redirectStrategy) Deprecated.void
setSecurityContextHolderStrategy
(SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategy
to use.Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
ConcurrentSessionFilter
-
ConcurrentSessionFilter
Deprecated.Creates a new instance- Parameters:
sessionRegistry
- the SessionRegistry to useexpiredUrl
- the URL to redirect to
-
ConcurrentSessionFilter
public ConcurrentSessionFilter(SessionRegistry sessionRegistry, SessionInformationExpiredStrategy sessionInformationExpiredStrategy)
-
-
Method Details
-
afterPropertiesSet
public void afterPropertiesSet()- Specified by:
afterPropertiesSet
in interfaceorg.springframework.beans.factory.InitializingBean
- Overrides:
afterPropertiesSet
in classorg.springframework.web.filter.GenericFilterBean
-
doFilter
public void doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException - Throws:
IOException
jakarta.servlet.ServletException
-
determineExpiredUrl
@Deprecated protected String determineExpiredUrl(jakarta.servlet.http.HttpServletRequest request, SessionInformation info) Deprecated.Determine the URL for expiration- Parameters:
request
- the HttpServletRequestinfo
- theSessionInformation
- Returns:
- the URL for expiration
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategy
to use. The default action is to use theSecurityContextHolderStrategy
stored inSecurityContextHolder
.- Since:
- 5.8
-
setLogoutHandlers
-
setLogoutHandlers
Set list ofLogoutHandler
- Parameters:
handlers
- list ofLogoutHandler
- Since:
- 5.2.0
-
setRedirectStrategy
Deprecated.Sets theRedirectStrategy
used withConcurrentSessionFilter(SessionRegistry, String)
- Parameters:
redirectStrategy
- theRedirectStrategy
to use
-
ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy)
withSimpleRedirectSessionInformationExpiredStrategy
instead.