This MUST implement ApplicationListener in order to receive the HttpSessionDestroyedEvents

core/src/main/java/org/acegisecurity/providers/ConcurrentSessionControllerImpl.java

@@ -21,16 +21,15 @@ import net.sf.acegisecurity.AuthenticationTrustResolverImpl;
 import net.sf.acegisecurity.UserDetails;
 import net.sf.acegisecurity.ui.WebAuthenticationDetails;
 import net.sf.acegisecurity.ui.session.HttpSessionDestroyedEvent;
-
 import org.springframework.context.ApplicationEvent;
+import org.springframework.context.ApplicationListener;
 
+import javax.servlet.http.HttpSession;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 
-import javax.servlet.http.HttpSession;
-
 
 /**
  * Used by the {@link ProviderManager} to track Authentications and their
@@ -47,7 +46,7 @@ import javax.servlet.http.HttpSession;
  * @author Ben Alex
  */
 public class ConcurrentSessionControllerImpl
-    implements ConcurrentSessionController {
+        implements ConcurrentSessionController, ApplicationListener {
     //~ Instance fields ========================================================
 
     protected Map principalsToSessions = new HashMap();
@@ -104,7 +103,6 @@ public class ConcurrentSessionControllerImpl
      *
      * @param request  Used to retieve the {@link WebAuthenticationDetails}
      * @param response Used to store the sessionId for the current Principal
-     *
      * @see #determineSessionPrincipal(net.sf.acegisecurity.Authentication)
      */
     public void afterAuthentication(Authentication request,
@@ -123,7 +121,6 @@ public class ConcurrentSessionControllerImpl
      * {@link AuthenticationProvider}s
      *
      * @param request The Authentication in question
-     *
      * @throws ConcurrentLoginException if the user has already met the {@link
      *                                  #setMaxSessions(int)}
      */
@@ -151,7 +148,6 @@ public class ConcurrentSessionControllerImpl
      *
      * @param principal The principal in question
      * @param sessionId The new or existing sessionId
-     *
      * @return true if it's the same as a session already in use, false if it
      *         is a new session
      */
@@ -189,7 +185,6 @@ public class ConcurrentSessionControllerImpl
      * Counts the number of sessions in use by the given principal
      *
      * @param principal The principal object
-     *
      * @return 0 if there are no sessions, > if there are any
      */
     protected int countSessions(Object principal) {
@@ -210,7 +205,6 @@ public class ConcurrentSessionControllerImpl
      * specific implementation.
      *
      * @param auth The Authentication in question
-     *
      * @return The principal to be used as the key against sessions
      */
     protected Object determineSessionPrincipal(Authentication auth) {
@@ -233,7 +227,6 @@ public class ConcurrentSessionControllerImpl
      * may override for more specific functionality
      *
      * @param request Authentication being evaluated
-     *
      * @throws ConcurrentLoginException If the session is new, and the user is
      *                                  already at maxSessions
      */