org.acegisecurity.concurrent
public class ConcurrentSessionControllerImpl extends java.lang.Object implements ConcurrentSessionController, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware
ConcurrentSessionControllerImpl
which prohibits simultaneous logins.By default
uses SessionRegistryImpl
, although any SessionRegistry
may be used.
Modifier and Type | Field and Description |
---|---|
protected org.springframework.context.support.MessageSourceAccessor |
messages |
Constructor and Description |
---|
ConcurrentSessionControllerImpl() |
Modifier and Type | Method and Description |
---|---|
void |
afterPropertiesSet() |
protected void |
allowableSessionsExceeded(java.lang.String sessionId,
SessionInformation[] sessions,
int allowableSessions,
SessionRegistry registry)
Allows subclasses to customise behaviour when too many sessions are detected.
|
void |
checkAuthenticationAllowed(Authentication request)
Called by any class that wishes to know whether the current authentication request should be permitted.
|
protected int |
getMaximumSessionsForThisUser(Authentication authentication)
Method intended for use by subclasses to override the maximum number of sessions that are permitted for
a particular authentication.
|
void |
registerSuccessfulAuthentication(Authentication authentication)
Called by an
AuthenticationManager when the authentication was successful. |
void |
setExceptionIfMaximumExceeded(boolean exceptionIfMaximumExceeded) |
void |
setMaximumSessions(int maximumSessions) |
void |
setMessageSource(org.springframework.context.MessageSource messageSource) |
void |
setSessionRegistry(SessionRegistry sessionRegistry) |
public void afterPropertiesSet() throws java.lang.Exception
afterPropertiesSet
in interface org.springframework.beans.factory.InitializingBean
java.lang.Exception
protected void allowableSessionsExceeded(java.lang.String sessionId, SessionInformation[] sessions, int allowableSessions, SessionRegistry registry)
sessionId
- the session ID of the present requestsessions
- either null
or all unexpired sessions associated with the principalallowableSessions
- DOCUMENT ME!registry
- an instance of the SessionRegistry
for subclass useConcurrentLoginException
- DOCUMENT ME!public void checkAuthenticationAllowed(Authentication request) throws AuthenticationException
ConcurrentSessionController
AuthenticationManager
s before they authenticate, but could equally
include Filter
s or other interceptors that wish to confirm the ongoing validity of a previously
authenticated Authentication
.The implementation should throw a suitable exception if the user has exceeded their maximum allowed concurrent sessions.
checkAuthenticationAllowed
in interface ConcurrentSessionController
request
- the authentication request (never null
)AuthenticationException
- if the user has exceeded their maximum allowed current sessionsprotected int getMaximumSessionsForThisUser(Authentication authentication)
maximumSessions
value
for the bean.authentication
- to determine the maximum sessions forpublic void registerSuccessfulAuthentication(Authentication authentication)
ConcurrentSessionController
AuthenticationManager
when the authentication was successful. An
implementation is expected to register the authenticated user in some sort of registry, for future concurrent
tracking via the ConcurrentSessionController.checkAuthenticationAllowed(Authentication)
method.registerSuccessfulAuthentication
in interface ConcurrentSessionController
authentication
- the successfully authenticated user (never null
)public void setExceptionIfMaximumExceeded(boolean exceptionIfMaximumExceeded)
public void setMaximumSessions(int maximumSessions)
public void setMessageSource(org.springframework.context.MessageSource messageSource)
setMessageSource
in interface org.springframework.context.MessageSourceAware
public void setSessionRegistry(SessionRegistry sessionRegistry)
Copyright © 2004-2014 Interface21, Inc. All Rights Reserved.