Examples of ConcurrentSessionControlStrategy

org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy

Strategy which handles concurrent session-control, in addition to the functionality provided by the base class. When invoked following an authentication, it will check whether the user in question should be allowed to proceed, by comparing the number of sessions they already have active with the configured maximumSessions value. The {@link SessionRegistry} is used as the source of data on authenticated users and session data.

If a user has reached the maximum number of permitted sessions, the behaviour depends on the exceptionIfMaxExceeded property. The default behaviour is to expired the least recently used session, which will be invalidated by the {@link ConcurrentSessionFilter} if accessed again. If exceptionIfMaxExceeded isset to true, however, the user will be prevented from starting a new authenticated session.

This strategy can be injected into both the {@link SessionManagementFilter} and instances of{@link AbstractAuthenticationProcessingFilter} (typically {@link UsernamePasswordAuthenticationFilter}). @author Luke Taylor @since 3.0 @deprecated Use {@link ConcurrentSessionControlAuthenticationStrategy} instead

    private SessionAuthenticationStrategy getSessionAuthenticationStrategy() {
        if(sessionAuthenticationStrategy != null) {
            return sessionAuthenticationStrategy;
        }
        if(isConcurrentSessionControlEnabled()) {
            ConcurrentSessionControlStrategy concurrentSessionControlStrategy = new ConcurrentSessionControlStrategy(sessionRegistry);
            concurrentSessionControlStrategy.setMaximumSessions(maximumSessions);
            concurrentSessionControlStrategy.setExceptionIfMaximumExceeded(maxSessionsPreventsLogin);
            sessionAuthenticationStrategy = concurrentSessionControlStrategy;
        }
        return sessionAuthenticationStrategy;
    }

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.

Examples of ConcurrentSessionControlStrategy

Examples of org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy