Examples of org.springframework.security.core.session.SessionInformation

• org.springframework.security.core.session.SessionInformation
  Represents a record of a session within the Spring Security framework.

  This is primarily used for concurrent session support.

  Sessions have three states: active, expired, and destroyed. A session can that is invalidated by session.invalidate() or via Servlet Container management is considered "destroyed". An "expired" session, on the other hand, is a session that Spring Security wants to end because it was selected for removal for some reason (generally as it was the least recently used session and the maximum sessions for the user were reached). An "expired" session is removed as soon as possible by a Filter. @author Ben Alex

    @Override
    public void removeSessionInformation(String sessionId) {
        Assert.hasText(sessionId, "SessionId required as per interface contract");

        SessionInformation info = getSessionInformation(sessionId);

        if (info == null) {
            return;
        }

        if (log.isTraceEnabled()) {
            log.debug("Removing session " + sessionId + " from set of registered sessions");
        }

        if (!isSuccess(client.delete(sessionId))) {
            log.error(String.format("Error removing session from cache: %s", sessionId));
        }

        Set<String> sessionsUsedByPrincipal = (Set<String>) client.get(((User) info.getPrincipal()).getUuid());

        if (sessionsUsedByPrincipal == null) {
            return;
        }

        if (log.isDebugEnabled()) {
            log.debug("Removing session " + sessionId + " from principal's set of registered sessions");
        }

        sessionsUsedByPrincipal.remove(sessionId);

        if (sessionsUsedByPrincipal.isEmpty()) {
            // No need to keep object in principals Map anymore
            if (log.isDebugEnabled()) {
                log.debug("Removing principal " + info.getPrincipal() + " from registry");
            }
            client.delete(((User) info.getPrincipal()).getUuid());
        } else {
            client.replace(((User) info.getPrincipal()).getUuid(), 86400, sessionsUsedByPrincipal);
        }

        if (log.isTraceEnabled()) {
            log.trace("Sessions used by '" + info.getPrincipal() + "' : " + sessionsUsedByPrincipal);
        }
    }

        HttpServletResponse response = (HttpServletResponse) res;

        HttpSession session = request.getSession(false);

        if (session != null) {
            SessionInformation info = sessionRegistry.getSessionInformation(session.getId());

            if (info != null) {
                if (info.isExpired()) {
                    // Expired - abort processing
                    doLogout(request, response);

                    String targetUrl = determineExpiredUrl(request, info);

                    if (targetUrl != null) {
                        redirectStrategy.sendRedirect(request, response, targetUrl);

                        return;
                    } else {
                        response.getWriter().print("This session has been expired (possibly due to multiple concurrent " +
                                "logins being attempted as the same user).");
                        response.flushBuffer();
                    }

                    return;
                } else {
                    // Non-expired - update last request date/time
                    info.refreshLastRequest();
                }
            }
        }

        chain.doFilter(request, response);

                    new Object[] {new Integer(allowableSessions)},
                    "Maximum sessions of {0} for this principal exceeded"));
        }

        // Determine least recently used session, and mark it for invalidation
        SessionInformation leastRecentlyUsed = null;

        for (int i = 0; i < sessions.size(); i++) {
            if ((leastRecentlyUsed == null)
                    || sessions.get(i).getLastRequest().before(leastRecentlyUsed.getLastRequest())) {
                leastRecentlyUsed = sessions.get(i);
            }
        }

        leastRecentlyUsed.expireNow();
    }

        try {
        HttpServletRequest request=(HttpServletRequest)req;
            HttpServletResponse response=(HttpServletResponse)res;
            HttpSession session=request.getSession(false);
            if(session!=null){
                SessionInformation info=sessionRegistry.getSessionInformation(session.getId());
                if(info!=null){
                    if(info.isExpired()){
                        doLogout(request,response);
                        if(invalidSessionHandler!=null)
                            invalidSessionHandler.sessionInvalidated(request,response);
                        else{
                            response.getWriter().print("This session has been expired (possibly due to multiple concurrent " +
                                      "logins being attempted as the same user).");
                            response.flushBuffer();
                        }
                        return;
                    }else{
                        info.refreshLastRequest();
                    }
                }
            }
          chain.doFilter(request,response);
    } catch (AccessDeniedException ex) {

     * 根据会话ID获取在线用户
     * @param sessionID
     * @return 用户
     */
    public User getUser(String sessionID) {
        SessionInformation info=sessionRegistry.getSessionInformation(sessionID);
        if(info == null){
            LOG.debug("没有获取到会话ID为："+sessionID+" 的在线用户");
            return null;
        }
        User user = (User)info.getPrincipal();
        LOG.debug("获取到会话ID为："+sessionID+" 的在线用户 "+user.getUsername());

        return user;
    }