public class ConcurrentSessionFilter extends GenericFilterBean
This filter performs two functions. First, it calls
SessionRegistry.refreshLastRequest(String)
for each request so that registered sessions always have a correct "last update"
date/time. Second, it retrieves a
SessionInformation from the
SessionRegistry for each request and checks if the session has been marked
as expired. If it has been marked as expired, the configured logout handlers will be
called (as happens with
LogoutFilter), typically
to invalidate the session. A redirect to the expiredURL specified will be performed,
and the session invalidation will cause an
HttpSessionDestroyedEvent to be
published via the
HttpSessionEventPublisher registered
in web.xml.
logger| Constructor and Description |
|---|
ConcurrentSessionFilter(org.springframework.security.core.session.SessionRegistry sessionRegistry) |
ConcurrentSessionFilter(org.springframework.security.core.session.SessionRegistry sessionRegistry,
String expiredUrl) |
| Modifier and Type | Method and Description |
|---|---|
void |
afterPropertiesSet() |
protected String |
determineExpiredUrl(javax.servlet.http.HttpServletRequest request,
org.springframework.security.core.session.SessionInformation info) |
void |
doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain) |
void |
setLogoutHandlers(LogoutHandler[] handlers) |
void |
setRedirectStrategy(RedirectStrategy redirectStrategy) |
addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContextpublic ConcurrentSessionFilter(org.springframework.security.core.session.SessionRegistry sessionRegistry)
public ConcurrentSessionFilter(org.springframework.security.core.session.SessionRegistry sessionRegistry,
String expiredUrl)
public void afterPropertiesSet()
afterPropertiesSet in interface InitializingBeanafterPropertiesSet in class GenericFilterBeanpublic void doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException
IOExceptionjavax.servlet.ServletExceptionprotected String determineExpiredUrl(javax.servlet.http.HttpServletRequest request, org.springframework.security.core.session.SessionInformation info)
public void setLogoutHandlers(LogoutHandler[] handlers)
public void setRedirectStrategy(RedirectStrategy redirectStrategy)