Example 1 with CompositeSessionAuthenticationStrategy
use of org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy in project spring-security by spring-projects.
the class SessionManagementConfigurer method getSessionAuthenticationStrategy.
/**
* Gets the customized {@link SessionAuthenticationStrategy} if
* {@link #sessionAuthenticationStrategy(SessionAuthenticationStrategy)} was
* specified. Otherwise creates a default {@link SessionAuthenticationStrategy}.
* @return the {@link SessionAuthenticationStrategy} to use
*/
private SessionAuthenticationStrategy getSessionAuthenticationStrategy(H http) {
if (this.sessionAuthenticationStrategy != null) {
return this.sessionAuthenticationStrategy;
}
List<SessionAuthenticationStrategy> delegateStrategies = this.sessionAuthenticationStrategies;
SessionAuthenticationStrategy defaultSessionAuthenticationStrategy;
if (this.providedSessionAuthenticationStrategy == null) {
// If the user did not provide a SessionAuthenticationStrategy
// then default to sessionFixationAuthenticationStrategy
defaultSessionAuthenticationStrategy = postProcess(this.sessionFixationAuthenticationStrategy);
} else {
defaultSessionAuthenticationStrategy = this.providedSessionAuthenticationStrategy;
}
if (isConcurrentSessionControlEnabled()) {
SessionRegistry sessionRegistry = getSessionRegistry(http);
ConcurrentSessionControlAuthenticationStrategy concurrentSessionControlStrategy = new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry);
concurrentSessionControlStrategy.setMaximumSessions(this.maximumSessions);
concurrentSessionControlStrategy.setExceptionIfMaximumExceeded(this.maxSessionsPreventsLogin);
concurrentSessionControlStrategy = postProcess(concurrentSessionControlStrategy);
RegisterSessionAuthenticationStrategy registerSessionStrategy = new RegisterSessionAuthenticationStrategy(sessionRegistry);
registerSessionStrategy = postProcess(registerSessionStrategy);
delegateStrategies.addAll(Arrays.asList(concurrentSessionControlStrategy, defaultSessionAuthenticationStrategy, registerSessionStrategy));
} else {
delegateStrategies.add(defaultSessionAuthenticationStrategy);
}
this.sessionAuthenticationStrategy = postProcess(new CompositeSessionAuthenticationStrategy(delegateStrategies));
return this.sessionAuthenticationStrategy;
}
Also used :
SessionAuthenticationStrategy(org.springframework.security.web.authentication.session.SessionAuthenticationStrategy)
CompositeSessionAuthenticationStrategy(org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy)
RegisterSessionAuthenticationStrategy(org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy)
SessionRegistry(org.springframework.security.core.session.SessionRegistry)
CompositeSessionAuthenticationStrategy(org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy)
RegisterSessionAuthenticationStrategy(org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy)
ConcurrentSessionControlAuthenticationStrategy(org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy)
Aggregations
SessionRegistry (org.springframework.security.core.session.SessionRegistry)1
CompositeSessionAuthenticationStrategy (org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy)1
ConcurrentSessionControlAuthenticationStrategy (org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy)1
RegisterSessionAuthenticationStrategy (org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy)1
SessionAuthenticationStrategy (org.springframework.security.web.authentication.session.SessionAuthenticationStrategy)1
