java.lang.Object | ||
↳ | org.springframework.web.filter.GenericFilterBean | |
↳ | org.springframework.security.web.session.SessionManagementFilter |
Detects that a user has been authenticated since the start of the request and, if they have, calls the
configured SessionAuthenticationStrategy
to perform any session-related activity such as
activating session-fixation protection mechanisms or checking for multiple concurrent logins.
[Expand]
Inherited Fields | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
org.springframework.web.filter.GenericFilterBean
|
Public Constructors | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
The handler which will be invoked if the AuthenticatedSessionStrategy raises a
SessionAuthenticationException, indicating that the user is not allowed to be authenticated for this
session (typically because they already have too many sessions open).
| |||||||||||
Sets the strategy which will be invoked instead of allowing the filter chain to prceed, if the user agent
requests an invalid session Id.
| |||||||||||
This method is deprecated.
Use constructor injection
|
[Expand]
Inherited Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
org.springframework.web.filter.GenericFilterBean
| |||||||||||
From class
java.lang.Object
| |||||||||||
From interface
javax.servlet.Filter
| |||||||||||
From interface
org.springframework.beans.factory.BeanNameAware
| |||||||||||
From interface
org.springframework.beans.factory.DisposableBean
| |||||||||||
From interface
org.springframework.beans.factory.InitializingBean
| |||||||||||
From interface
org.springframework.web.context.ServletContextAware
|
IOException | |
---|---|
ServletException |
The handler which will be invoked if the AuthenticatedSessionStrategy raises a SessionAuthenticationException, indicating that the user is not allowed to be authenticated for this session (typically because they already have too many sessions open).
Sets the strategy which will be invoked instead of allowing the filter chain to prceed, if the user agent requests an invalid session Id. If the property is not set, no action will be taken.
invalidSessionStrategy | the strategy to invoke. Typically a SimpleRedirectInvalidSessionStrategy .
|
---|
This method is deprecated.
Use constructor injection
Sets the strategy object which handles the session management behaviour when a user has been authenticated during the current request.
sessionAuthenticationStrategy | the strategy object. If not set, a SessionFixationProtectionStrategy is used. |
---|