public class ConcurrentSessionFilter extends SpringSecurityFilter implements org.springframework.beans.factory.InitializingBean
This filter performs two functions. First, it calls
SessionRegistry.refreshLastRequest(String)
for each request
so that registered sessions always have a correct "last update" date/time. Second, it retrieves a
SessionInformation
from the SessionRegistry
for each request and checks if the session has been marked as expired.
If it has been marked as expired, the configured logout handlers will be called (as happens with
LogoutFilter
), typically to invalidate the session.
A redirect to the expiredURL specified will be performed, and the session invalidation will cause an
HttpSessionDestroyedEvent
to be published via the
HttpSessionEventPublisher
registered in web.xml
.
logger
Constructor and Description |
---|
ConcurrentSessionFilter() |
Modifier and Type | Method and Description |
---|---|
void |
afterPropertiesSet() |
protected java.lang.String |
determineExpiredUrl(javax.servlet.http.HttpServletRequest request,
SessionInformation info) |
void |
doFilterHttp(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
javax.servlet.FilterChain chain) |
int |
getOrder() |
void |
setExpiredUrl(java.lang.String expiredUrl) |
void |
setLogoutHandlers(LogoutHandler[] handlers) |
void |
setSessionRegistry(SessionRegistry sessionRegistry) |
destroy, doFilter, init, toString
public void afterPropertiesSet() throws java.lang.Exception
afterPropertiesSet
in interface org.springframework.beans.factory.InitializingBean
java.lang.Exception
public void doFilterHttp(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
doFilterHttp
in class SpringSecurityFilter
java.io.IOException
javax.servlet.ServletException
protected java.lang.String determineExpiredUrl(javax.servlet.http.HttpServletRequest request, SessionInformation info)
public void setExpiredUrl(java.lang.String expiredUrl)
public void setSessionRegistry(SessionRegistry sessionRegistry)
public void setLogoutHandlers(LogoutHandler[] handlers)
public int getOrder()
getOrder
in interface org.springframework.core.Ordered