Package org.springframework.security.config.web.server

Class ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec

java.lang.Object
org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec
Enclosing class:
ServerHttpSecurity.SessionManagementSpec
public class ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec extends Object
Configures how many sessions are allowed for a given user.

  • Constructor Details

    • ConcurrentSessionsSpec

      public ConcurrentSessionsSpec()

  • Method Details

    • sessionRegistry

      public ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec sessionRegistry(org.springframework.security.core.session.ReactiveSessionRegistry reactiveSessionRegistry)
      Sets the ReactiveSessionRegistry to use.
      Parameters:
      reactiveSessionRegistry - the ReactiveSessionRegistry to use
      Returns:
      the ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec to continue customizing

    • maximumSessions

      public ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec maximumSessions(org.springframework.security.web.server.authentication.SessionLimit sessionLimit)
      Sets the maximum number of sessions allowed for any user. You can use SessionLimit.of(int) to specify a positive integer or SessionLimit.UNLIMITED to allow unlimited sessions. To customize the maximum number of sessions on a per-user basis, you can provide a custom SessionLimit implementation, like so: 
           http
         .sessionManagement((sessions) -> sessions
             .concurrentSessions((concurrency) -> concurrency
                 .maximumSessions((authentication) -> {
                     if (authentication.getName().equals("admin")) {
                         return Mono.empty() // unlimited sessions for admin
                     }
                     return Mono.just(1); // one session for every other user
                 })
             )
         )
      Parameters:
      sessionLimit - the maximum number of sessions allowed for any user
      Returns:
      the ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec to continue customizing

    • maximumSessionsExceededHandler

      public ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec maximumSessionsExceededHandler(org.springframework.security.web.server.authentication.ServerMaximumSessionsExceededHandler maximumSessionsExceededHandler)
      Sets the ServerMaximumSessionsExceededHandler to use when the maximum number of sessions is exceeded.
      Parameters:
      maximumSessionsExceededHandler - the ServerMaximumSessionsExceededHandler to use
      Returns:
      the ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec to continue customizing