This MUST implement ApplicationListener in order to receive the HttpSessionDestroyedEvents

Ray Krueger 2005-03-13 22:30:06 +00:00
parent 169449bf24
commit ff45047f5a


@ -21,16 +21,15 @@ import net.sf.acegisecurity.AuthenticationTrustResolverImpl;
import net.sf.acegisecurity.UserDetails; import net.sf.acegisecurity.UserDetails;
import net.sf.acegisecurity.ui.WebAuthenticationDetails; import net.sf.acegisecurity.ui.WebAuthenticationDetails;
import net.sf.acegisecurity.ui.session.HttpSessionDestroyedEvent; import net.sf.acegisecurity.ui.session.HttpSessionDestroyedEvent;
import org.springframework.context.ApplicationEvent; import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener;
import javax.servlet.http.HttpSession;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import javax.servlet.http.HttpSession;
/** /**
* Used by the {@link ProviderManager} to track Authentications and their * Used by the {@link ProviderManager} to track Authentications and their
@ -47,7 +46,7 @@ import javax.servlet.http.HttpSession;
* @author Ben Alex * @author Ben Alex
*/ */
public class ConcurrentSessionControllerImpl public class ConcurrentSessionControllerImpl
implements ConcurrentSessionController { implements ConcurrentSessionController, ApplicationListener {
//~ Instance fields ======================================================== //~ Instance fields ========================================================
protected Map principalsToSessions = new HashMap(); protected Map principalsToSessions = new HashMap();
@ -102,18 +101,17 @@ public class ConcurrentSessionControllerImpl
* Called by the {@link ProviderManager} after receiving a response from a * Called by the {@link ProviderManager} after receiving a response from a
* configured AuthenticationProvider. * configured AuthenticationProvider.
* *
* @param request Used to retieve the {@link WebAuthenticationDetails} * @param request Used to retieve the {@link WebAuthenticationDetails}
* @param response Used to store the sessionId for the current Principal * @param response Used to store the sessionId for the current Principal
*
* @see #determineSessionPrincipal(net.sf.acegisecurity.Authentication) * @see #determineSessionPrincipal(net.sf.acegisecurity.Authentication)
*/ */
public void afterAuthentication(Authentication request, public void afterAuthentication(Authentication request,
Authentication response) { Authentication response) {
enforceConcurrentLogins(response); enforceConcurrentLogins(response);
if (request.getDetails() instanceof WebAuthenticationDetails) { if (request.getDetails() instanceof WebAuthenticationDetails) {
String sessionId = ((WebAuthenticationDetails) request.getDetails()) String sessionId = ((WebAuthenticationDetails) request.getDetails())
.getSessionId(); .getSessionId();
addSession(determineSessionPrincipal(response), sessionId); addSession(determineSessionPrincipal(response), sessionId);
} }
} }
@ -123,12 +121,11 @@ public class ConcurrentSessionControllerImpl
* {@link AuthenticationProvider}s * {@link AuthenticationProvider}s
* *
* @param request The Authentication in question * @param request The Authentication in question
*
* @throws ConcurrentLoginException if the user has already met the {@link * @throws ConcurrentLoginException if the user has already met the {@link
* #setMaxSessions(int)} * #setMaxSessions(int)}
*/ */
public void beforeAuthentication(Authentication request) public void beforeAuthentication(Authentication request)
throws ConcurrentLoginException { throws ConcurrentLoginException {
enforceConcurrentLogins(request); enforceConcurrentLogins(request);
} }
@ -151,7 +148,6 @@ public class ConcurrentSessionControllerImpl
* *
* @param principal The principal in question * @param principal The principal in question
* @param sessionId The new or existing sessionId * @param sessionId The new or existing sessionId
*
* @return true if it's the same as a session already in use, false if it * @return true if it's the same as a session already in use, false if it
* is a new session * is a new session
*/ */
@ -189,7 +185,6 @@ public class ConcurrentSessionControllerImpl
* Counts the number of sessions in use by the given principal * Counts the number of sessions in use by the given principal
* *
* @param principal The principal object * @param principal The principal object
*
* @return 0 if there are no sessions, > if there are any * @return 0 if there are no sessions, > if there are any
*/ */
protected int countSessions(Object principal) { protected int countSessions(Object principal) {
@ -210,7 +205,6 @@ public class ConcurrentSessionControllerImpl
* specific implementation. * specific implementation.
* *
* @param auth The Authentication in question * @param auth The Authentication in question
*
* @return The principal to be used as the key against sessions * @return The principal to be used as the key against sessions
*/ */
protected Object determineSessionPrincipal(Authentication auth) { protected Object determineSessionPrincipal(Authentication auth) {
@ -233,12 +227,11 @@ public class ConcurrentSessionControllerImpl
* may override for more specific functionality * may override for more specific functionality
* *
* @param request Authentication being evaluated * @param request Authentication being evaluated
*
* @throws ConcurrentLoginException If the session is new, and the user is * @throws ConcurrentLoginException If the session is new, and the user is
* already at maxSessions * already at maxSessions
*/ */
protected void enforceConcurrentLogins(Authentication request) protected void enforceConcurrentLogins(Authentication request)
throws ConcurrentLoginException { throws ConcurrentLoginException {
//If the max is less than 1, sessions are unlimited //If the max is less than 1, sessions are unlimited
if (maxSessions < 1) { if (maxSessions < 1) {
return; return;
@ -251,7 +244,7 @@ public class ConcurrentSessionControllerImpl
if (request.getDetails() instanceof WebAuthenticationDetails) { if (request.getDetails() instanceof WebAuthenticationDetails) {
String sessionId = ((WebAuthenticationDetails) request.getDetails()) String sessionId = ((WebAuthenticationDetails) request.getDetails())
.getSessionId(); .getSessionId();
Object principal = determineSessionPrincipal(request); Object principal = determineSessionPrincipal(request);
@ -259,7 +252,7 @@ public class ConcurrentSessionControllerImpl
if (maxSessions == countSessions(principal)) { if (maxSessions == countSessions(principal)) {
//The user is AT their max, toss them out //The user is AT their max, toss them out
throw new ConcurrentLoginException(principal throw new ConcurrentLoginException(principal
+ " has reached the maximum concurrent logins"); + " has reached the maximum concurrent logins");
} }
} }
} }
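Review bot: The limit check in the last hunk of enforceConcurrentLogins uses `if (maxSessions == countSessions(principal))`, so a principal whose count has already gone past the limit is no longer rejected; `if (countSessions(principal) >= maxSessions) {` fails closed instead. The count can overshoot because beforeAuthentication runs the check and afterAuthentication only later calls addSession, with nothing visible making the two atomic, and because `principalsToSessions` is a plain `HashMap`. Now that the class is an ApplicationListener, session-destroyed callbacks will presumably modify that map on container threads while logins read it, so access should be synchronized unless the methods outside these hunks already do so. The body of enforceConcurrentLogins is only partly visible here, so the session-is-new check between the two hunks could not be reviewed.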