public class

ConcurrentSessionFilter

extends GenericFilterBean
java.lang.Object
   ↳ org.springframework.web.filter.GenericFilterBean
     ↳ org.springframework.security.web.session.ConcurrentSessionFilter

Class Overview

Filter required by concurrent session handling package.

This filter performs two functions. First, it calls refreshLastRequest(String) for each request so that registered sessions always have a correct "last update" date/time. Second, it retrieves a SessionInformation from the SessionRegistry for each request and checks if the session has been marked as expired. If it has been marked as expired, the configured logout handlers will be called (as happens with LogoutFilter), typically to invalidate the session. A redirect to the expiredURL specified will be performed, and the session invalidation will cause an HttpSessionDestroyedEvent to be published via the HttpSessionEventPublisher registered in web.xml.

Summary

[Expand]
Inherited Fields
From class org.springframework.web.filter.GenericFilterBean
Public Constructors
ConcurrentSessionFilter()
This constructor is deprecated. Use constructor which injects the SessionRegistry.
ConcurrentSessionFilter(SessionRegistry sessionRegistry)
ConcurrentSessionFilter(SessionRegistry sessionRegistry, String expiredUrl)
Public Methods
void afterPropertiesSet()
void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
void setExpiredUrl(String expiredUrl)
This method is deprecated. use constructor injection instead
void setLogoutHandlers(LogoutHandler[] handlers)
void setRedirectStrategy(RedirectStrategy redirectStrategy)
void setSessionRegistry(SessionRegistry sessionRegistry)
This method is deprecated. use constructor injection instead
Protected Methods
String determineExpiredUrl(HttpServletRequest request, SessionInformation info)
[Expand]
Inherited Methods
From class org.springframework.web.filter.GenericFilterBean
From class java.lang.Object
From interface javax.servlet.Filter
From interface org.springframework.beans.factory.BeanNameAware
From interface org.springframework.beans.factory.DisposableBean
From interface org.springframework.beans.factory.InitializingBean
From interface org.springframework.web.context.ServletContextAware

Public Constructors

public ConcurrentSessionFilter ()

This constructor is deprecated.
Use constructor which injects the SessionRegistry.

public ConcurrentSessionFilter (SessionRegistry sessionRegistry)

public ConcurrentSessionFilter (SessionRegistry sessionRegistry, String expiredUrl)

Public Methods

public void afterPropertiesSet ()

public void doFilter (ServletRequest req, ServletResponse res, FilterChain chain)

Throws
IOException
ServletException

public void setExpiredUrl (String expiredUrl)

This method is deprecated.
use constructor injection instead

public void setLogoutHandlers (LogoutHandler[] handlers)

public void setRedirectStrategy (RedirectStrategy redirectStrategy)

public void setSessionRegistry (SessionRegistry sessionRegistry)

This method is deprecated.
use constructor injection instead

Protected Methods

protected String determineExpiredUrl (HttpServletRequest request, SessionInformation info)