Search in sources :

Example 1 with CompositeSessionAuthenticationStrategy

use of org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy in project spring-security by spring-projects.

the class SessionManagementConfigurer method getSessionAuthenticationStrategy.

/**
 * Gets the customized {@link SessionAuthenticationStrategy} if
 * {@link #sessionAuthenticationStrategy(SessionAuthenticationStrategy)} was
 * specified. Otherwise creates a default {@link SessionAuthenticationStrategy}.
 * @return the {@link SessionAuthenticationStrategy} to use
 */
private SessionAuthenticationStrategy getSessionAuthenticationStrategy(H http) {
    if (this.sessionAuthenticationStrategy != null) {
        return this.sessionAuthenticationStrategy;
    }
    List<SessionAuthenticationStrategy> delegateStrategies = this.sessionAuthenticationStrategies;
    SessionAuthenticationStrategy defaultSessionAuthenticationStrategy;
    if (this.providedSessionAuthenticationStrategy == null) {
        // If the user did not provide a SessionAuthenticationStrategy
        // then default to sessionFixationAuthenticationStrategy
        defaultSessionAuthenticationStrategy = postProcess(this.sessionFixationAuthenticationStrategy);
    } else {
        defaultSessionAuthenticationStrategy = this.providedSessionAuthenticationStrategy;
    }
    if (isConcurrentSessionControlEnabled()) {
        SessionRegistry sessionRegistry = getSessionRegistry(http);
        ConcurrentSessionControlAuthenticationStrategy concurrentSessionControlStrategy = new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry);
        concurrentSessionControlStrategy.setMaximumSessions(this.maximumSessions);
        concurrentSessionControlStrategy.setExceptionIfMaximumExceeded(this.maxSessionsPreventsLogin);
        concurrentSessionControlStrategy = postProcess(concurrentSessionControlStrategy);
        RegisterSessionAuthenticationStrategy registerSessionStrategy = new RegisterSessionAuthenticationStrategy(sessionRegistry);
        registerSessionStrategy = postProcess(registerSessionStrategy);
        delegateStrategies.addAll(Arrays.asList(concurrentSessionControlStrategy, defaultSessionAuthenticationStrategy, registerSessionStrategy));
    } else {
        delegateStrategies.add(defaultSessionAuthenticationStrategy);
    }
    this.sessionAuthenticationStrategy = postProcess(new CompositeSessionAuthenticationStrategy(delegateStrategies));
    return this.sessionAuthenticationStrategy;
}
Also used : SessionAuthenticationStrategy(org.springframework.security.web.authentication.session.SessionAuthenticationStrategy) CompositeSessionAuthenticationStrategy(org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy) RegisterSessionAuthenticationStrategy(org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy) SessionRegistry(org.springframework.security.core.session.SessionRegistry) CompositeSessionAuthenticationStrategy(org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy) RegisterSessionAuthenticationStrategy(org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy) ConcurrentSessionControlAuthenticationStrategy(org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy)

Aggregations

SessionRegistry (org.springframework.security.core.session.SessionRegistry)1 CompositeSessionAuthenticationStrategy (org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy)1 ConcurrentSessionControlAuthenticationStrategy (org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy)1 RegisterSessionAuthenticationStrategy (org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy)1 SessionAuthenticationStrategy (org.springframework.security.web.authentication.session.SessionAuthenticationStrategy)1