org.springframework.security.concurrent

Class ConcurrentSessionFilter

java.lang.Object

org.springframework.security.ui.SpringSecurityFilter

org.springframework.security.concurrent.ConcurrentSessionFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.core.Ordered

public class ConcurrentSessionFilter
extends SpringSecurityFilter
implements org.springframework.beans.factory.InitializingBean

Filter required by concurrent session handling package.

This filter performs two functions. First, it calls SessionRegistry.refreshLastRequest(String) for each request so that registered sessions always have a correct "last update" date/time. Second, it retrieves a SessionInformation from the SessionRegistry for each request and checks if the session has been marked as expired. If it has been marked as expired, the configured logout handlers will be called (as happens with LogoutFilter), typically to invalidate the session. A redirect to the expiredURL specified will be performed, and the session invalidation will cause an HttpSessionDestroyedEvent to be published via the HttpSessionEventPublisher registered in web.xml.

Version:

$Id$

Author:

Ben Alex

Field Summary

Fields inherited from class org.springframework.security.ui.SpringSecurityFilter

logger

Fields inherited from interface org.springframework.core.Ordered

HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

Constructor Summary

Constructors

Constructor and Description
ConcurrentSessionFilter()

Method Summary

Methods

Modifier and Type	Method and Description
void	afterPropertiesSet()
protected java.lang.String	determineExpiredUrl(javax.servlet.http.HttpServletRequest request, SessionInformation info)
void	doFilterHttp(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain)
int	getOrder()
void	setExpiredUrl(java.lang.String expiredUrl)
void	setLogoutHandlers(LogoutHandler[] handlers)
void	setSessionRegistry(SessionRegistry sessionRegistry)

Methods inherited from class org.springframework.security.ui.SpringSecurityFilter

destroy, doFilter, init, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

ConcurrentSessionFilter

public ConcurrentSessionFilter()

Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws java.lang.Exception

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Throws:

java.lang.Exception

doFilterHttp

public void doFilterHttp(javax.servlet.http.HttpServletRequest request,
                javax.servlet.http.HttpServletResponse response,
                javax.servlet.FilterChain chain)
                  throws java.io.IOException,
                         javax.servlet.ServletException

Specified by:

doFilterHttp in class SpringSecurityFilter

Throws:

java.io.IOException

javax.servlet.ServletException

determineExpiredUrl

protected java.lang.String determineExpiredUrl(javax.servlet.http.HttpServletRequest request,
                                   SessionInformation info)

setExpiredUrl

public void setExpiredUrl(java.lang.String expiredUrl)

setSessionRegistry

public void setSessionRegistry(SessionRegistry sessionRegistry)

setLogoutHandlers

public void setLogoutHandlers(LogoutHandler[] handlers)

getOrder

public int getOrder()

Specified by:

getOrder in interface org.springframework.core.Ordered