mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-01 17:52:13 +00:00
SEC-1142: Simplified implementation by removing template method.
This commit is contained in:
parent
90d76373cc
commit
ea73fd0130
@ -65,7 +65,9 @@ public class SessionManagementFilter extends SpringSecurityFilter {
|
||||
} else {
|
||||
// No security context or authentication present. Check for a session timeout
|
||||
if (request.getRequestedSessionId() != null && !request.isRequestedSessionIdValid()) {
|
||||
invalidSessionRequested(request, response);
|
||||
if (invalidSessionUrl != null) {
|
||||
response.sendRedirect(invalidSessionUrl);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -73,12 +75,6 @@ public class SessionManagementFilter extends SpringSecurityFilter {
|
||||
chain.doFilter(request, response);
|
||||
}
|
||||
|
||||
protected void invalidSessionRequested(HttpServletRequest request, HttpServletResponse response) throws IOException {
|
||||
if (invalidSessionUrl != null) {
|
||||
response.sendRedirect(invalidSessionUrl);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the strategy object which handles the session management behaviour when a
|
||||
* user has been authenticated during the current request.
|
||||
@ -90,6 +86,12 @@ public class SessionManagementFilter extends SpringSecurityFilter {
|
||||
this.sessionStrategy = sessionStrategy;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the URL to which the response should be redirected if the user agent request and invalid session Id.
|
||||
* If the property is not set, no action will be taken.
|
||||
*
|
||||
* @param sessionTimeoutUrl
|
||||
*/
|
||||
public void setInvalidSessionUrl(String sessionTimeoutUrl) {
|
||||
this.invalidSessionUrl = sessionTimeoutUrl;
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user