Example 1 with InvalidSessionStrategy

Use of org.springframework.security.web.session.InvalidSessionStrategy in project spring-security by spring-projects.

From the class CsrfConfigurer, method createAccessDeniedHandler.

/**
 * Creates the {@link AccessDeniedHandler} from the result of
 * {@link #getDefaultAccessDeniedHandler(HttpSecurityBuilder)} and
 * {@link #getInvalidSessionStrategy(HttpSecurityBuilder)}. If
 * {@link #getInvalidSessionStrategy(HttpSecurityBuilder)} is non-null, then a
 * {@link DelegatingAccessDeniedHandler} is used in combination with
 * {@link InvalidSessionAccessDeniedHandler} and the
 * {@link #getDefaultAccessDeniedHandler(HttpSecurityBuilder)}. Otherwise, only
 * {@link #getDefaultAccessDeniedHandler(HttpSecurityBuilder)} is used.
 *
 * @param http the {@link HttpSecurityBuilder}
 * @return the {@link AccessDeniedHandler}
 */
private AccessDeniedHandler createAccessDeniedHandler(H http) {
    InvalidSessionStrategy invalidSessionStrategy = getInvalidSessionStrategy(http);
    AccessDeniedHandler defaultAccessDeniedHandler = getDefaultAccessDeniedHandler(http);
    if (invalidSessionStrategy == null) {
        return defaultAccessDeniedHandler;
    }
    InvalidSessionAccessDeniedHandler invalidSessionDeniedHandler = new InvalidSessionAccessDeniedHandler(invalidSessionStrategy);
    LinkedHashMap<Class<? extends AccessDeniedException>, AccessDeniedHandler> handlers = new LinkedHashMap<Class<? extends AccessDeniedException>, AccessDeniedHandler>();
    handlers.put(MissingCsrfTokenException.class, invalidSessionDeniedHandler);
    return new DelegatingAccessDeniedHandler(handlers, defaultAccessDeniedHandler);
}
Also used: AccessDeniedException (org.springframework.security.access.AccessDeniedException), InvalidSessionAccessDeniedHandler (org.springframework.security.web.session.InvalidSessionAccessDeniedHandler), DelegatingAccessDeniedHandler (org.springframework.security.web.access.DelegatingAccessDeniedHandler), AccessDeniedHandler (org.springframework.security.web.access.AccessDeniedHandler), InvalidSessionStrategy (org.springframework.security.web.session.InvalidSessionStrategy), LinkedHashMap (java.util.LinkedHashMap)

Example 2 with InvalidSessionStrategy

Use of org.springframework.security.web.session.InvalidSessionStrategy in project spring-security by spring-projects.

From the class SessionManagementConfigurer, method configure.

@Override
public void configure(H http) throws Exception {
    SecurityContextRepository securityContextRepository = http.getSharedObject(SecurityContextRepository.class);
    SessionManagementFilter sessionManagementFilter = new SessionManagementFilter(securityContextRepository, getSessionAuthenticationStrategy(http));
    // Redirect to the configured error URL when session authentication fails.
    if (this.sessionAuthenticationErrorUrl != null) {
        sessionManagementFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler(this.sessionAuthenticationErrorUrl));
    }
    // Strategy the filter invokes when a request carries an invalid session id.
    InvalidSessionStrategy strategy = getInvalidSessionStrategy();
    if (strategy != null) {
        sessionManagementFilter.setInvalidSessionStrategy(strategy);
    }
    // An explicitly configured failure handler replaces the URL-based one set above.
    AuthenticationFailureHandler failureHandler = getSessionAuthenticationFailureHandler();
    if (failureHandler != null) {
        sessionManagementFilter.setAuthenticationFailureHandler(failureHandler);
    }
    AuthenticationTrustResolver trustResolver = http.getSharedObject(AuthenticationTrustResolver.class);
    if (trustResolver != null) {
        sessionManagementFilter.setTrustResolver(trustResolver);
    }
    sessionManagementFilter = postProcess(sessionManagementFilter);
    http.addFilter(sessionManagementFilter);
    // Register the concurrency filter only when concurrent session control is enabled.
    if (isConcurrentSessionControlEnabled()) {
        ConcurrentSessionFilter concurrentSessionFilter = createConccurencyFilter(http);
        concurrentSessionFilter = postProcess(concurrentSessionFilter);
        http.addFilter(concurrentSessionFilter);
    }
}
Also used: SessionManagementFilter (org.springframework.security.web.session.SessionManagementFilter), ConcurrentSessionFilter (org.springframework.security.web.session.ConcurrentSessionFilter), SimpleRedirectInvalidSessionStrategy (org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy), InvalidSessionStrategy (org.springframework.security.web.session.InvalidSessionStrategy), AuthenticationTrustResolver (org.springframework.security.authentication.AuthenticationTrustResolver), NullSecurityContextRepository (org.springframework.security.web.context.NullSecurityContextRepository), HttpSessionSecurityContextRepository (org.springframework.security.web.context.HttpSessionSecurityContextRepository), SecurityContextRepository (org.springframework.security.web.context.SecurityContextRepository), SimpleUrlAuthenticationFailureHandler (org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler), AuthenticationFailureHandler (org.springframework.security.web.authentication.AuthenticationFailureHandler)

Aggregations

InvalidSessionStrategy (org.springframework.security.web.session.InvalidSessionStrategy): 2
LinkedHashMap (java.util.LinkedHashMap): 1
AccessDeniedException (org.springframework.security.access.AccessDeniedException): 1
AuthenticationTrustResolver (org.springframework.security.authentication.AuthenticationTrustResolver): 1
AccessDeniedHandler (org.springframework.security.web.access.AccessDeniedHandler): 1
DelegatingAccessDeniedHandler (org.springframework.security.web.access.DelegatingAccessDeniedHandler): 1
AuthenticationFailureHandler (org.springframework.security.web.authentication.AuthenticationFailureHandler): 1
SimpleUrlAuthenticationFailureHandler (org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler): 1
HttpSessionSecurityContextRepository (org.springframework.security.web.context.HttpSessionSecurityContextRepository): 1
NullSecurityContextRepository (org.springframework.security.web.context.NullSecurityContextRepository): 1
SecurityContextRepository (org.springframework.security.web.context.SecurityContextRepository): 1
ConcurrentSessionFilter (org.springframework.security.web.session.ConcurrentSessionFilter): 1
InvalidSessionAccessDeniedHandler (org.springframework.security.web.session.InvalidSessionAccessDeniedHandler): 1
SessionManagementFilter (org.springframework.security.web.session.SessionManagementFilter): 1
SimpleRedirectInvalidSessionStrategy (org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy): 1