Example 11 with SessionInformation

Use of org.springframework.security.core.session.SessionInformation in project spring-security by spring-projects.

Class ConcurrentSessionControlAuthenticationStrategy, method allowableSessionsExceeded.

/**
 * Allows subclasses to customise behaviour when too many sessions are detected.
 *
 * @param sessions either <code>null</code> or all unexpired sessions associated with
 * the principal
 * @param allowableSessions the number of concurrent sessions the user is allowed to
 * have
 * @param registry an instance of the <code>SessionRegistry</code> for subclass use
 *
 */
protected void allowableSessionsExceeded(List<SessionInformation> sessions, int allowableSessions, SessionRegistry registry) throws SessionAuthenticationException {
    if (exceptionIfMaximumExceeded || (sessions == null)) {
        throw new SessionAuthenticationException(messages.getMessage("ConcurrentSessionControlAuthenticationStrategy.exceededAllowed", new Object[] { Integer.valueOf(allowableSessions) }, "Maximum sessions of {0} for this principal exceeded"));
    }
    // Determine least recently used session, and mark it for invalidation
    SessionInformation leastRecentlyUsed = null;
    for (SessionInformation session : sessions) {
        if ((leastRecentlyUsed == null) || session.getLastRequest().before(leastRecentlyUsed.getLastRequest())) {
            leastRecentlyUsed = session;
        }
    }
    leastRecentlyUsed.expireNow();
}
Also used : SessionInformation(org.springframework.security.core.session.SessionInformation)

Example 12 with SessionInformation

Use of org.springframework.security.core.session.SessionInformation in project OpenClinica by OpenClinica.

Class OpenClinicaSessionRegistryImpl, method removeSessionInformation.

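@Override
public void removeSessionInformation(String sessionId) {
    // Look the session up before it is removed so the logout can be audited
    SessionInformation info = getSessionInformation(sessionId);
    if (info != null) {
        User u = (User) info.getPrincipal();
        // Record the logout against the username that owned the session
        auditLogout(u.getUsername());
    }
    // Let the parent registry drop the session entry
    super.removeSessionInformation(sessionId);
}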
Also used : SessionInformation(org.springframework.security.core.session.SessionInformation) User(org.springframework.security.core.userdetails.User)

Aggregations

SessionInformation (org.springframework.security.core.session.SessionInformation) 12
Date (java.util.Date) 7
Test (org.junit.Test) 7
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 6
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse) 6
MockFilterChain (org.springframework.mock.web.MockFilterChain) 5
SessionRegistry (org.springframework.security.core.session.SessionRegistry) 5
ConcurrentSessionFilter (org.springframework.security.web.session.ConcurrentSessionFilter) 5
MockHttpSession (org.springframework.mock.web.MockHttpSession) 4
Matchers.anyString (org.mockito.Matchers.anyString) 3
RedirectStrategy (org.springframework.security.web.RedirectStrategy) 3
HttpServletRequest (javax.servlet.http.HttpServletRequest) 2
HttpSession (javax.servlet.http.HttpSession) 2
HttpServletResponse (javax.servlet.http.HttpServletResponse) 1
Before (org.junit.Before) 1
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken) 1
Authentication (org.springframework.security.core.Authentication) 1
User (org.springframework.security.core.userdetails.User) 1
LogoutHandler (org.springframework.security.web.authentication.logout.LogoutHandler) 1
SecurityContextLogoutHandler (org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler) 1