public class SessionManagementFilter extends GenericFilterBean
SessionAuthenticationStrategy to perform any session-related activity such as
activating session-fixation protection mechanisms or checking for multiple concurrent logins.logger| Constructor and Description |
|---|
SessionManagementFilter(SecurityContextRepository securityContextRepository) |
SessionManagementFilter(SecurityContextRepository securityContextRepository,
SessionAuthenticationStrategy sessionStrategy) |
| Modifier and Type | Method and Description |
|---|---|
void |
doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain) |
void |
setAuthenticationFailureHandler(AuthenticationFailureHandler failureHandler)
The handler which will be invoked if the AuthenticatedSessionStrategy raises a
SessionAuthenticationException, indicating that the user is not allowed to be authenticated for this
session (typically because they already have too many sessions open).
|
void |
setInvalidSessionStrategy(InvalidSessionStrategy invalidSessionStrategy)
Sets the strategy which will be invoked instead of allowing the filter chain to prceed, if the user agent
requests an invalid session Id.
|
void |
setSessionAuthenticationStrategy(SessionAuthenticationStrategy sessionAuthenticationStrategy)
Deprecated.
Use constructor injection
|
void |
setTrustResolver(AuthenticationTrustResolver trustResolver)
Sets the
AuthenticationTrustResolver to be used. |
addRequiredProperty, afterPropertiesSet, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContextpublic SessionManagementFilter(SecurityContextRepository securityContextRepository)
public SessionManagementFilter(SecurityContextRepository securityContextRepository, SessionAuthenticationStrategy sessionStrategy)
public void doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException
IOExceptionjavax.servlet.ServletException@Deprecated public void setSessionAuthenticationStrategy(SessionAuthenticationStrategy sessionAuthenticationStrategy)
sessionAuthenticationStrategy - the strategy object. If not set, a SessionFixationProtectionStrategy is used.public void setInvalidSessionStrategy(InvalidSessionStrategy invalidSessionStrategy)
invalidSessionStrategy - the strategy to invoke. Typically a SimpleRedirectInvalidSessionStrategy.public void setAuthenticationFailureHandler(AuthenticationFailureHandler failureHandler)
public void setTrustResolver(AuthenticationTrustResolver trustResolver)
AuthenticationTrustResolver to be used. The default is
AuthenticationTrustResolverImpl.trustResolver - the AuthenticationTrustResolver to use. Cannot be
null.