Allow inject Map into SessionRegistryImpl

As principals and sessionIds are set in class itself so one can't share user session count across nodes(Cluster). Using constructor for setting principals and sessionIds we can pass Cache map to constructor which can enable common session count in cluster otherwise user would be allowed to logged in with multiple sessions. There is no point keeping principals and sessionIds completely internal. Fixes gh-4772
2025-07-16 23:33:31 +00:00 · 2016-12-29 08:05:22 +05:30 · 2016-12-29 08:05:22 +05:30 · 6cbf71bd72
commit 6cbf71bd72
parent cd63329b63
1 changed files with 12 additions and 2 deletions
--- a/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java
+++ b/core/src/main/java/org/springframework/security/core/session/SessionRegistryImpl.java
@ -48,13 +48,23 @@ public class SessionRegistryImpl implements SessionRegistry,
 	protected final Log logger = LogFactory.getLog(SessionRegistryImpl.class);

 	/** <principal:Object,SessionIdSet> */
-	private final ConcurrentMap<Object, Set<String>> principals = new ConcurrentHashMap<Object, Set<String>>();
+	private final ConcurrentMap<Object, Set<String>> principals;
 	/** <sessionId:Object,SessionInformation> */
-	private final Map<String, SessionInformation> sessionIds = new ConcurrentHashMap<String, SessionInformation>();
+	private final Map<String, SessionInformation> sessionIds;

 	// ~ Methods
 	// ========================================================================================================

+	public SessionRegistryImpl() {
+		this.principals = new ConcurrentHashMap<Object, Set<String>>();
+		this.sessionIds = new ConcurrentHashMap<String, SessionInformation>();
+	}
+
+	public SessionRegistryImpl(ConcurrentMap<Object, Set<String>> principals,Map<String, SessionInformation> sessionIds) {
+		this.principals=principals;
+		this.sessionIds=sessionIds;
+	}
+
 	public List<Object> getAllPrincipals() {
 		return new ArrayList<Object>(principals.keySet());
 	}