Examples of ConcurrentSessionControlAuthenticationStrategy

org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy

Strategy which handles concurrent session-control.

When invoked following an authentication, it will check whether the user in question should be allowed to proceed, by comparing the number of sessions they already have active with the configured maximumSessions value. The {@link SessionRegistry} is used as the source of data on authenticatedusers and session data.

If a user has reached the maximum number of permitted sessions, the behaviour depends on the exceptionIfMaxExceeded property. The default behaviour is to expired the least recently used session, which will be invalidated by the {@link ConcurrentSessionFilter} if accessed again. IfexceptionIfMaxExceeded is set to true, however, the user will be prevented from starting a new authenticated session.

This strategy can be injected into both the {@link SessionManagementFilter}and instances of {@link AbstractAuthenticationProcessingFilter} (typically{@link UsernamePasswordAuthenticationFilter}), but is typically combined with {@link RegisterSessionAuthenticationStrategy} using{@link CompositeSessionAuthenticationStrategy}.

@see CompositeSessionAuthenticationStrategy @author Luke Taylor @author Rob Winch @since 3.2

        if(sessionAuthenticationStrategy != null) {
            return sessionAuthenticationStrategy;
        }
        List<SessionAuthenticationStrategy> delegateStrategies = sessionAuthenticationStrategies;
        if(isConcurrentSessionControlEnabled()) {
            ConcurrentSessionControlAuthenticationStrategy concurrentSessionControlStrategy = new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry);
            concurrentSessionControlStrategy.setMaximumSessions(maximumSessions);
            concurrentSessionControlStrategy.setExceptionIfMaximumExceeded(maxSessionsPreventsLogin);
            concurrentSessionControlStrategy = postProcess(concurrentSessionControlStrategy);


            RegisterSessionAuthenticationStrategy registerSessionStrategy = new RegisterSessionAuthenticationStrategy(sessionRegistry);
            registerSessionStrategy = postProcess(registerSessionStrategy);

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.

Examples of ConcurrentSessionControlAuthenticationStrategy

Examples of org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy