SessionManagementFilter
extends GenericFilterBean| java.lang.Object | ||
| ↳ | org.springframework.web.filter.GenericFilterBean | |
| ↳ | org.springframework.security.web.session.SessionManagementFilter | |
Class Overview
Detects that a user has been authenticated since the start of the request and, if they have, calls the
configured SessionAuthenticationStrategy to perform any session-related activity such as
activating session-fixation protection mechanisms or checking for multiple concurrent logins.
Summary
|
[Expand]
Inherited Fields | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
 From class
org.springframework.web.filter.GenericFilterBean
| |||||||||||
| Public Constructors | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
The handler which will be invoked if the AuthenticatedSessionStrategy raises a
SessionAuthenticationException, indicating that the user is not allowed to be authenticated for this
session (typically because they already have too many sessions open).
| |||||||||||
Sets the strategy which will be invoked instead of allowing the filter chain to prceed, if the user agent
requests an invalid session Id.
| |||||||||||
This method is deprecated.
Use constructor injection
| |||||||||||
|
[Expand]
Inherited Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
From class
org.springframework.web.filter.GenericFilterBean
| |||||||||||
|
From class
java.lang.Object
| |||||||||||
|
From interface
javax.servlet.Filter
| |||||||||||
|
From interface
org.springframework.beans.factory.BeanNameAware
| |||||||||||
|
From interface
org.springframework.beans.factory.DisposableBean
| |||||||||||
|
From interface
org.springframework.beans.factory.InitializingBean
| |||||||||||
|
From interface
org.springframework.web.context.ServletContextAware
| |||||||||||
Public Constructors
public SessionManagementFilter (SecurityContextRepository securityContextRepository, SessionAuthenticationStrategy sessionStrategy)
Public Methods
public void doFilter (ServletRequest req, ServletResponse res, FilterChain chain)
Throws
| IOException | |
|---|---|
| ServletException |
public void setAuthenticationFailureHandler (AuthenticationFailureHandler failureHandler)
The handler which will be invoked if the AuthenticatedSessionStrategy raises a SessionAuthenticationException, indicating that the user is not allowed to be authenticated for this session (typically because they already have too many sessions open).
public void setInvalidSessionStrategy (InvalidSessionStrategy invalidSessionStrategy)
Sets the strategy which will be invoked instead of allowing the filter chain to prceed, if the user agent requests an invalid session Id. If the property is not set, no action will be taken.
Parameters
| invalidSessionStrategy | the strategy to invoke. Typically a SimpleRedirectInvalidSessionStrategy.
|
|---|
public void setSessionAuthenticationStrategy (SessionAuthenticationStrategy sessionAuthenticationStrategy)
This method is deprecated.
Use constructor injection
Sets the strategy object which handles the session management behaviour when a user has been authenticated during the current request.
Parameters
| sessionAuthenticationStrategy | the strategy object. If not set, a SessionFixationProtectionStrategy is used. |
|---|