This MUST implement ApplicationListener in order to receive the HttpSessionDestroyedEvents

2005-03-13 22:30:06 +00:00 · 2005-03-13 22:30:06 +00:00 · ff45047f5a
parent 169449bf24
commit ff45047f5a
1 changed files with 12 additions and 19 deletions
--- a/core/src/main/java/org/acegisecurity/providers/ConcurrentSessionControllerImpl.java
+++ b/core/src/main/java/org/acegisecurity/providers/ConcurrentSessionControllerImpl.java
@ -21,16 +21,15 @@ import net.sf.acegisecurity.AuthenticationTrustResolverImpl;
 import net.sf.acegisecurity.UserDetails;
 import net.sf.acegisecurity.ui.WebAuthenticationDetails;
 import net.sf.acegisecurity.ui.session.HttpSessionDestroyedEvent;
-
 import org.springframework.context.ApplicationEvent;
+import org.springframework.context.ApplicationListener;

+import javax.servlet.http.HttpSession;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;

-import javax.servlet.http.HttpSession;
-

 /**
 * Used by the {@link ProviderManager} to track Authentications and their
@ -47,7 +46,7 @@ import javax.servlet.http.HttpSession;
 * @author Ben Alex
 */
 public class ConcurrentSessionControllerImpl
-    implements ConcurrentSessionController {
+        implements ConcurrentSessionController, ApplicationListener {
    //~ Instance fields ========================================================

    protected Map principalsToSessions = new HashMap();
@ -102,18 +101,17 @@ public class ConcurrentSessionControllerImpl
     * Called by the {@link ProviderManager} after receiving a response from a
     * configured AuthenticationProvider.
     *
-     * @param request Used to retieve the {@link WebAuthenticationDetails}
+     * @param request  Used to retieve the {@link WebAuthenticationDetails}
     * @param response Used to store the sessionId for the current Principal
-     *
     * @see #determineSessionPrincipal(net.sf.acegisecurity.Authentication)
     */
    public void afterAuthentication(Authentication request,
-        Authentication response) {
+                                    Authentication response) {
        enforceConcurrentLogins(response);

        if (request.getDetails() instanceof WebAuthenticationDetails) {
            String sessionId = ((WebAuthenticationDetails) request.getDetails())
-                .getSessionId();
+                    .getSessionId();
            addSession(determineSessionPrincipal(response), sessionId);
        }
    }
@ -123,12 +121,11 @@ public class ConcurrentSessionControllerImpl
     * {@link AuthenticationProvider}s
     *
     * @param request The Authentication in question
-     *
     * @throws ConcurrentLoginException if the user has already met the {@link
-     *         #setMaxSessions(int)}
+     *                                  #setMaxSessions(int)}
     */
    public void beforeAuthentication(Authentication request)
-        throws ConcurrentLoginException {
+            throws ConcurrentLoginException {
        enforceConcurrentLogins(request);
    }

@ -151,7 +148,6 @@ public class ConcurrentSessionControllerImpl
     *
     * @param principal The principal in question
     * @param sessionId The new or existing sessionId
-     *
     * @return true if it's the same as a session already in use, false if it
     *         is a new session
     */
@ -189,7 +185,6 @@ public class ConcurrentSessionControllerImpl
     * Counts the number of sessions in use by the given principal
     *
     * @param principal The principal object
-     *
     * @return 0 if there are no sessions, &gt; if there are any
     */
    protected int countSessions(Object principal) {
@ -210,7 +205,6 @@ public class ConcurrentSessionControllerImpl
     * specific implementation.
     *
     * @param auth The Authentication in question
-     *
     * @return The principal to be used as the key against sessions
     */
    protected Object determineSessionPrincipal(Authentication auth) {
@ -233,12 +227,11 @@ public class ConcurrentSessionControllerImpl
     * may override for more specific functionality
     *
     * @param request Authentication being evaluated
-     *
     * @throws ConcurrentLoginException If the session is new, and the user is
-     *         already at maxSessions
+     *                                  already at maxSessions
     */
    protected void enforceConcurrentLogins(Authentication request)
-        throws ConcurrentLoginException {
+            throws ConcurrentLoginException {
        //If the max is less than 1, sessions are unlimited
        if (maxSessions < 1) {
            return;
@ -251,7 +244,7 @@ public class ConcurrentSessionControllerImpl

        if (request.getDetails() instanceof WebAuthenticationDetails) {
            String sessionId = ((WebAuthenticationDetails) request.getDetails())
-                .getSessionId();
+                    .getSessionId();

            Object principal = determineSessionPrincipal(request);

@ -259,7 +252,7 @@ public class ConcurrentSessionControllerImpl
                if (maxSessions == countSessions(principal)) {
                    //The user is AT their max, toss them out
                    throw new ConcurrentLoginException(principal
-                        + " has reached the maximum concurrent logins");
+                            + " has reached the maximum concurrent logins");
                }
            }
        }