public class

ConcurrentSessionFilter

extends GenericFilterBean

java.lang.Object
↳	org.springframework.web.filter.GenericFilterBean
	↳	org.springframework.security.web.session.ConcurrentSessionFilter

Class Overview

Filter required by concurrent session handling package.

This filter performs two functions. First, it calls refreshLastRequest(String) for each request so that registered sessions always have a correct "last update" date/time. Second, it retrieves a SessionInformation from the SessionRegistry for each request and checks if the session has been marked as expired. If it has been marked as expired, the configured logout handlers will be called (as happens with LogoutFilter), typically to invalidate the session. A redirect to the expiredURL specified will be performed, and the session invalidation will cause an HttpSessionDestroyedEvent to be published via the HttpSessionEventPublisher registered in web.xml.

Summary

[Expand]

Inherited Fields

From class org.springframework.web.filter.GenericFilterBean

Public Constructors
	ConcurrentSessionFilter() This constructor is deprecated. Use constructor which injects the `SessionRegistry`.
	ConcurrentSessionFilter(SessionRegistry sessionRegistry)
	ConcurrentSessionFilter(SessionRegistry sessionRegistry, String expiredUrl)

Public Methods
void	afterPropertiesSet()
void	doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
void	setExpiredUrl(String expiredUrl) This method is deprecated. use constructor injection instead
void	setLogoutHandlers(LogoutHandler[] handlers)
void	setRedirectStrategy(RedirectStrategy redirectStrategy)
void	setSessionRegistry(SessionRegistry sessionRegistry) This method is deprecated. use constructor injection instead

Protected Methods
String	determineExpiredUrl(HttpServletRequest request, SessionInformation info)

[Expand]

Inherited Methods

From class org.springframework.web.filter.GenericFilterBean

final void	addRequiredProperty(String arg0)
void	afterPropertiesSet()
void	destroy()
final FilterConfig	getFilterConfig()
final String	getFilterName()
final ServletContext	getServletContext()
final void	init(FilterConfig arg0)
void	initBeanWrapper(BeanWrapper arg0)
void	initFilterBean()
final void	setBeanName(String arg0)
final void	setFilterConfig(FilterConfig arg0)
final void	setServletContext(ServletContext arg0)

From class java.lang.Object

From interface javax.servlet.Filter

From interface org.springframework.beans.factory.BeanNameAware

From interface org.springframework.beans.factory.DisposableBean

From interface org.springframework.beans.factory.InitializingBean

From interface org.springframework.web.context.ServletContextAware

Public Constructors

public ConcurrentSessionFilter ()

This constructor is deprecated.
Use constructor which injects the SessionRegistry.

public ConcurrentSessionFilter (SessionRegistry sessionRegistry)

public ConcurrentSessionFilter (SessionRegistry sessionRegistry, String expiredUrl)

Public Methods

public void afterPropertiesSet ()

public void doFilter (ServletRequest req, ServletResponse res, FilterChain chain)

Throws

IOException
ServletException

public void setExpiredUrl (String expiredUrl)

This method is deprecated.
use constructor injection instead

public void setLogoutHandlers (LogoutHandler[] handlers)

public void setRedirectStrategy (RedirectStrategy redirectStrategy)

public void setSessionRegistry (SessionRegistry sessionRegistry)