Examples of ConcurrentSessionFilter

• org.springframework.security.web.session.ConcurrentSessionFilter
  Filter required by concurrent session handling package.

  This filter performs two functions. First, it calls {@link org.springframework.security.core.session.SessionRegistry#refreshLastRequest(String)} for each requestso that registered sessions always have a correct "last update" date/time. Second, it retrieves a {@link org.springframework.security.core.session.SessionInformation} from the SessionRegistryfor each request and checks if the session has been marked as expired. If it has been marked as expired, the configured logout handlers will be called (as happens with {@link org.springframework.security.web.authentication.logout.LogoutFilter}), typically to invalidate the session. A redirect to the expiredURL specified will be performed, and the session invalidation will cause an {@link org.springframework.security.web.session.HttpSessionDestroyedEvent} to be published via the{@link org.springframework.security.web.session.HttpSessionEventPublisher} registered in web.xml.

  @author Ben Alex

Examples of org.springframework.security.web.session.ConcurrentSessionFilter

        MockHttpSession session = new MockHttpSession();
        request.setSession(session);

        MockHttpServletResponse response = new MockHttpServletResponse();

        ConcurrentSessionFilter filter = new ConcurrentSessionFilter();
        SessionRegistry registry = new SessionRegistryImpl();
        registry.registerNewSession(session.getId(), "principal");
        registry.getSessionInformation(session.getId()).expireNow();
        filter.setSessionRegistry(registry);

        FilterChain fc = mock(FilterChain.class);
        filter.doFilter(request, response, fc);
        verifyZeroInteractions(fc);

        assertEquals("This session has been expired (possibly due to multiple concurrent logins being " +
                "attempted as the same user).", response.getContentAsString());
    }

Examples of org.springframework.security.web.session.ConcurrentSessionFilter

                "attempted as the same user).", response.getContentAsString());
    }

    @Test(expected=IllegalArgumentException.class)
    public void detectsMissingSessionRegistry() throws Exception {
        ConcurrentSessionFilter filter = new ConcurrentSessionFilter();
        filter.afterPropertiesSet();
    }

Examples of org.springframework.security.web.session.ConcurrentSessionFilter

        filter.afterPropertiesSet();
    }

    @Test(expected=IllegalArgumentException.class)
    public void detectsInvalidUrl() throws Exception {
        ConcurrentSessionFilter filter = new ConcurrentSessionFilter();
        filter.setExpiredUrl("ImNotValid");
        filter.afterPropertiesSet();
    }

Examples of org.springframework.security.web.session.ConcurrentSessionFilter

        MockHttpServletResponse response = new MockHttpServletResponse();
        FilterChain fc = mock(FilterChain.class);

        // Setup our test fixture
        ConcurrentSessionFilter filter = new ConcurrentSessionFilter();
        SessionRegistry registry = new SessionRegistryImpl();
        registry.registerNewSession(session.getId(), "principal");

        Date lastRequest = registry.getSessionInformation(session.getId()).getLastRequest();
        filter.setSessionRegistry(registry);
        filter.setExpiredUrl("/expired.jsp");

        Thread.sleep(1000);

        filter.doFilter(request, response, fc);

        verify(fc).doFilter(request, response);
        assertTrue(registry.getSessionInformation(session.getId()).getLastRequest().after(lastRequest));
    }

Examples of org.springframework.security.web.session.ConcurrentSessionFilter

        }
        sessionManagementFilter = postProcess(sessionManagementFilter);

        http.addFilter(sessionManagementFilter);
        if(isConcurrentSessionControlEnabled()) {
            ConcurrentSessionFilter concurrentSessionFilter = new ConcurrentSessionFilter(sessionRegistry, expiredUrl);
            concurrentSessionFilter = postProcess(concurrentSessionFilter);
            http.addFilter(concurrentSessionFilter);
        }
    }

Examples of org.springframework.security.web.session.ConcurrentSessionFilter

        request.setSession(session);

        MockHttpServletResponse response = new MockHttpServletResponse();

        // Setup our test fixture and registry to want this session to be expired
        ConcurrentSessionFilter filter = new ConcurrentSessionFilter();
        filter.setRedirectStrategy(new DefaultRedirectStrategy());
        filter.setLogoutHandlers(new LogoutHandler[] {new SecurityContextLogoutHandler()});

        SessionRegistry registry = new SessionRegistryImpl();
        registry.registerNewSession(session.getId(), "principal");
        registry.getSessionInformation(session.getId()).expireNow();
        filter.setSessionRegistry(registry);
        filter.setExpiredUrl("/expired.jsp");
        filter.afterPropertiesSet();

        FilterChain fc = mock(FilterChain.class);
        filter.doFilter(request, response, fc);
        // Expect that the filter chain will not be invoked, as we redirect to expiredUrl
        verifyZeroInteractions(fc);

        assertEquals("/expired.jsp", response.getRedirectedUrl());
    }

Examples of org.springframework.security.web.session.ConcurrentSessionFilter

        }
        sessionManagementFilter = postProcess(sessionManagementFilter);

        http.addFilter(sessionManagementFilter);
        if(isConcurrentSessionControlEnabled()) {
            ConcurrentSessionFilter concurrentSessionFilter = new ConcurrentSessionFilter(sessionRegistry, expiredUrl);
            concurrentSessionFilter = postProcess(concurrentSessionFilter);
            http.addFilter(concurrentSessionFilter);
        }
    }