org.springframework.security.concurrent

Class ConcurrentSessionControllerImpl

java.lang.Object

org.springframework.security.concurrent.ConcurrentSessionControllerImpl

All Implemented Interfaces:

org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware, ConcurrentSessionController

public class ConcurrentSessionControllerImpl
extends java.lang.Object
implements ConcurrentSessionController, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware

Base implementation of ConcurrentSessionControllerImpl which prohibits simultaneous logins.

By default uses SessionRegistryImpl, although any SessionRegistry may be used.

Version:

$Id$

Author:

Ben Alex

Field Summary

Fields

Modifier and Type	Field and Description
protected org.springframework.context.support.MessageSourceAccessor	messages

Constructor Summary

Constructors

Constructor and Description
ConcurrentSessionControllerImpl()

Method Summary

Methods

Modifier and Type	Method and Description
void	afterPropertiesSet()
protected void	allowableSessionsExceeded(java.lang.String sessionId, SessionInformation[] sessions, int allowableSessions, SessionRegistry registry) Allows subclasses to customise behaviour when too many sessions are detected.
void	checkAuthenticationAllowed(Authentication request) Called by any class that wishes to know whether the current authentication request should be permitted.
protected int	getMaximumSessionsForThisUser(Authentication authentication) Method intended for use by subclasses to override the maximum number of sessions that are permitted for a particular authentication.
SessionRegistry	getSessionRegistry()
void	registerSuccessfulAuthentication(Authentication authentication) Called by an AuthenticationManager when the authentication was successful.
void	setExceptionIfMaximumExceeded(boolean exceptionIfMaximumExceeded)
void	setMaximumSessions(int maximumSessions)
void	setMessageSource(org.springframework.context.MessageSource messageSource)
void	setSessionRegistry(SessionRegistry sessionRegistry)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

messages

protected org.springframework.context.support.MessageSourceAccessor messages

Constructor Detail

ConcurrentSessionControllerImpl

public ConcurrentSessionControllerImpl()

Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws java.lang.Exception

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Throws:

java.lang.Exception

allowableSessionsExceeded

protected void allowableSessionsExceeded(java.lang.String sessionId,
                             SessionInformation[] sessions,
                             int allowableSessions,
                             SessionRegistry registry)

Allows subclasses to customise behaviour when too many sessions are detected.

Parameters:

sessionId - the session ID of the present request

sessions - either null or all unexpired sessions associated with the principal

allowableSessions - DOCUMENT ME!

registry - an instance of the SessionRegistry for subclass use

Throws:

ConcurrentLoginException - DOCUMENT ME!

checkAuthenticationAllowed

public void checkAuthenticationAllowed(Authentication request)
                                throws AuthenticationException

Description copied from interface: ConcurrentSessionController

Called by any class that wishes to know whether the current authentication request should be permitted. Generally callers will be AuthenticationManagers before they authenticate, but could equally include Filters or other interceptors that wish to confirm the ongoing validity of a previously authenticated Authentication.

The implementation should throw a suitable exception if the user has exceeded their maximum allowed concurrent sessions.

Specified by:

checkAuthenticationAllowed in interface ConcurrentSessionController

Parameters:

request - the authentication request (never null)

Throws:

AuthenticationException - if the user has exceeded their maximum allowed current sessions

getMaximumSessionsForThisUser

protected int getMaximumSessionsForThisUser(Authentication authentication)

Method intended for use by subclasses to override the maximum number of sessions that are permitted for a particular authentication. The default implementation simply returns the maximumSessions value for the bean.

Parameters:

authentication - to determine the maximum sessions for

Returns:

either -1 meaning unlimited, or a positive integer to limit (never zero)

registerSuccessfulAuthentication

public void registerSuccessfulAuthentication(Authentication authentication)

Description copied from interface: ConcurrentSessionController

Called by an AuthenticationManager when the authentication was successful. An implementation is expected to register the authenticated user in some sort of registry, for future concurrent tracking via the ConcurrentSessionController.checkAuthenticationAllowed(Authentication) method.

Specified by:

registerSuccessfulAuthentication in interface ConcurrentSessionController

Parameters:

authentication - the successfully authenticated user (never null)

setExceptionIfMaximumExceeded

public void setExceptionIfMaximumExceeded(boolean exceptionIfMaximumExceeded)

setMaximumSessions

public void setMaximumSessions(int maximumSessions)

setMessageSource

public void setMessageSource(org.springframework.context.MessageSource messageSource)

Specified by:

setMessageSource in interface org.springframework.context.MessageSourceAware

setSessionRegistry

public void setSessionRegistry(SessionRegistry sessionRegistry)

getSessionRegistry

public SessionRegistry getSessionRegistry()