Examples of org.springframework.security.core.session.SessionInformation

Package org.springframework.security.core.session

Examples of org.springframework.security.core.session.SessionInformation

org.springframework.security.core.session.SessionInformation
Represents a record of a session within the Spring Security framework.
This is primarily used for concurrent session support.
Sessions have three states: active, expired, and destroyed. A session can that is invalidated by session.invalidate() or via Servlet Container management is considered "destroyed". An "expired" session, on the other hand, is a session that Spring Security wants to end because it was selected for removal for some reason (generally as it was the least recently used session and the maximum sessions for the user were reached). An "expired" session is removed as soon as possible by a Filter. @author Ben Alex

                    new Object[] {Integer.valueOf(allowableSessions)},
                    "Maximum sessions of {0} for this principal exceeded"));
        }


        // Determine least recently used session, and mark it for invalidation
        SessionInformation leastRecentlyUsed = null;


        for (SessionInformation session : sessions) {
            if ((leastRecentlyUsed == null)
                    || session.getLastRequest().before(leastRecentlyUsed.getLastRequest())) {
                leastRecentlyUsed = session;
            }
        }


        leastRecentlyUsed.expireNow();
    }

View Full Code Here

                    new Object[] {Integer.valueOf(allowableSessions)},
                    "Maximum sessions of {0} for this principal exceeded"));
        }


        // Determine least recently used session, and mark it for invalidation
        SessionInformation leastRecentlyUsed = null;


        for (SessionInformation session : sessions) {
            if ((leastRecentlyUsed == null)
                    || session.getLastRequest().before(leastRecentlyUsed.getLastRequest())) {
                leastRecentlyUsed = session;
            }
        }


        leastRecentlyUsed.expireNow();
    }

View Full Code Here

        HttpServletResponse response = (HttpServletResponse) res;


        HttpSession session = request.getSession(false);


        if (session != null) {
            SessionInformation info = sessionRegistry.getSessionInformation(session.getId());


            if (info != null) {
                if (info.isExpired()) {
                    // Expired - abort processing
                    doLogout(request, response);


                    String targetUrl = determineExpiredUrl(request, info);


                    if (targetUrl != null) {
                        redirectStrategy.sendRedirect(request, response, targetUrl);


                        return;
                    } else {
                        response.getWriter().print("This session has been expired (possibly due to multiple concurrent " +
                                "logins being attempted as the same user).");
                        response.flushBuffer();
                    }


                    return;
                } else {
                    // Non-expired - update last request date/time
                    sessionRegistry.refreshLastRequest(info.getSessionId());
                }
            }
        }


        chain.doFilter(request, response);

View Full Code Here

        sessions = sessionRegistry.getAllSessions(principal, false);
        assertEquals(2, sessions.size());
        assertTrue(contains(sessionId2, principal));


        // Expire one session
        SessionInformation session = sessionRegistry.getSessionInformation(sessionId2);
        session.expireNow();


        // Check retrieval still correct
        assertTrue(sessionRegistry.getSessionInformation(sessionId2).isExpired());
        assertFalse(sessionRegistry.getSessionInformation(sessionId1).isExpired());
    }

View Full Code Here

    public void testObject() throws Exception {
        Object principal = "Some principal object";
        String sessionId = "1234567890";
        Date currentDate = new Date();


        SessionInformation info = new SessionInformation(principal, sessionId, currentDate);
        assertEquals(principal, info.getPrincipal());
        assertEquals(sessionId, info.getSessionId());
        assertEquals(currentDate, info.getLastRequest());


        Thread.sleep(10);


        info.refreshLastRequest();


        assertTrue(info.getLastRequest().after(currentDate));
    }

View Full Code Here

    @Before
    public void setup() throws Exception {
        authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
        request = new MockHttpServletRequest();
        response = new MockHttpServletResponse();
        sessionInformation = new SessionInformation(authentication.getPrincipal(), "unique", new Date(1374766134216L));


        strategy = new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry);
    }

View Full Code Here

        assertThat(sessionInformation.isExpired()).isTrue();
    }


    @Test
    public void maxSessionsExpireLeastRecentExistingUser() {
        SessionInformation moreRecentSessionInfo = new SessionInformation(authentication.getPrincipal(), "unique", new Date(1374766999999L));
        when(sessionRegistry.getAllSessions(any(), anyBoolean())).thenReturn(Arrays.<SessionInformation>asList(moreRecentSessionInfo,sessionInformation));
        strategy.setMaximumSessions(2);


        strategy.onAuthentication(authentication, request, response);

View Full Code Here

        List<SessionInformation> sessions = new ArrayList<SessionInformation>();
        if (principal instanceof User) {
            Set<String> sessionIds = (Set<String>) client.get(((User) principal).getUuid());
            if (sessionIds != null) {
                for (String id : sessionIds) {
                    SessionInformation info = (SessionInformation) client.get(id);
                    if (info != null) {
                        sessions.add(info);
                    } else {
                        removeSessionInformation(id);
                    }

View Full Code Here


    @Override
    public void refreshLastRequest(String sessionId) {
        Assert.hasText(sessionId, "SessionId required as per interface contract");


        SessionInformation info = getSessionInformation(sessionId);


        if (info != null) {
            info.refreshLastRequest();
            client.replace(sessionId, 86400, info);
        }
    }

View Full Code Here


        if (getSessionInformation(sessionId) != null) {
            removeSessionInformation(sessionId);
        }


        client.set(sessionId, 86400, new SessionInformation(principal, sessionId, new Date()));


        Set<String> sessionsUsedByPrincipal = (Set<String>) client.get(((User) principal).getUuid());


        if (sessionsUsedByPrincipal == null) {
            sessionsUsedByPrincipal = new CopyOnWriteArraySet<String>();

View Full Code Here

0 1

TOP

Related Classes of org.springframework.security.core.session.SessionInformation

com.sparc.knappsack.security.MemCachedSessionRegistryImpl

com.swinarta.sunflower.server.servlet.SeedConcurrentSessionFilter

org.apdplat.module.security.service.OnlineUserService

org.springframework.security.core.session.SessionInformationTests

org.springframework.security.core.session.SessionRegistryImplTests

org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy

org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategyTests

org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy

org.springframework.security.web.session.ConcurrentSessionFilter

java.util.Date

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.