Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-1142: Simplified implementation by removing template method.

This commit is contained in:
Luke Taylor 2009-08-07 22:54:07 +00:00
parent 90d76373cc
commit ea73fd0130
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java
View File

@ -65,7 +65,9 @@ public class SessionManagementFilter extends SpringSecurityFilter {
} else {
// No security context or authentication present. Check for a session timeout
if (request.getRequestedSessionId() != null && !request.isRequestedSessionIdValid()) {
invalidSessionRequested(request, response);
if (invalidSessionUrl != null) {
response.sendRedirect(invalidSessionUrl);
}
}
}
}
@ -73,12 +75,6 @@ public class SessionManagementFilter extends SpringSecurityFilter {
chain.doFilter(request, response);
}
protected void invalidSessionRequested(HttpServletRequest request, HttpServletResponse response) throws IOException {
if (invalidSessionUrl != null) {
response.sendRedirect(invalidSessionUrl);
}
}
/**
* Sets the strategy object which handles the session management behaviour when a
* user has been authenticated during the current request.
@ -90,6 +86,12 @@ public class SessionManagementFilter extends SpringSecurityFilter {
this.sessionStrategy = sessionStrategy;
}
/**
* Sets the URL to which the response should be redirected if the user agent request and invalid session Id.
* If the property is not set, no action will be taken.
*
* @param sessionTimeoutUrl
*/
public void setInvalidSessionUrl(String sessionTimeoutUrl) {
this.invalidSessionUrl = sessionTimeoutUrl;
}