Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-01 09:42:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-1142: Simplified implementation by removing template method.

Browse Source
This commit is contained in:
Luke Taylor 2009-08-07 22:54:07 +00:00
parent 90d76373cc
commit ea73fd0130
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
View File

@ -65,7 +65,9 @@ public class SessionManagementFilter extends SpringSecurityFilter {
} else { } else {
// No security context or authentication present. Check for a session timeout // No security context or authentication present. Check for a session timeout
if (request.getRequestedSessionId() != null && !request.isRequestedSessionIdValid()) { if (request.getRequestedSessionId() != null && !request.isRequestedSessionIdValid()) {
invalidSessionRequested(request, response); if (invalidSessionUrl != null) {
response.sendRedirect(invalidSessionUrl);
}
} }
} }
} }
@ -73,12 +75,6 @@ public class SessionManagementFilter extends SpringSecurityFilter {
chain.doFilter(request, response); chain.doFilter(request, response);
} }
protected void invalidSessionRequested(HttpServletRequest request, HttpServletResponse response) throws IOException {
if (invalidSessionUrl != null) {
response.sendRedirect(invalidSessionUrl);
}
}
/** /**
* Sets the strategy object which handles the session management behaviour when a * Sets the strategy object which handles the session management behaviour when a
* user has been authenticated during the current request. * user has been authenticated during the current request.
@ -90,6 +86,12 @@ public class SessionManagementFilter extends SpringSecurityFilter {
this.sessionStrategy = sessionStrategy; this.sessionStrategy = sessionStrategy;
} }
/**
* Sets the URL to which the response should be redirected if the user agent request and invalid session Id.
* If the property is not set, no action will be taken.
*
* @param sessionTimeoutUrl
*/
public void setInvalidSessionUrl(String sessionTimeoutUrl) { public void setInvalidSessionUrl(String sessionTimeoutUrl) {
this.invalidSessionUrl = sessionTimeoutUrl; this.invalidSessionUrl = sessionTimeoutUrl;
} }