Class ConcurrentSessionControlServerAuthenticationSuccessHandler

java.lang.Object
org.springframework.security.web.server.authentication.ConcurrentSessionControlServerAuthenticationSuccessHandler
All Implemented Interfaces:
ServerAuthenticationSuccessHandler

public final class ConcurrentSessionControlServerAuthenticationSuccessHandler extends Object implements ServerAuthenticationSuccessHandler
Controls the number of sessions a user can have concurrently authenticated in an application. It also allows for customizing behaviour when an authentication attempt is made while the user already has the maximum number of sessions open. By default, it allows a maximum of 1 session per user; if the maximum is exceeded, the user's least recently used session(s) will be expired.
Since:
6.3
  • Constructor Details

    • ConcurrentSessionControlServerAuthenticationSuccessHandler

      public ConcurrentSessionControlServerAuthenticationSuccessHandler(org.springframework.security.core.session.ReactiveSessionRegistry sessionRegistry, ServerMaximumSessionsExceededHandler maximumSessionsExceededHandler)
  • Method Details

    • onAuthenticationSuccess

      public reactor.core.publisher.Mono<Void> onAuthenticationSuccess(WebFilterExchange exchange, org.springframework.security.core.Authentication authentication)
      Description copied from interface: ServerAuthenticationSuccessHandler
      Invoked when the application authenticates successfully.
      Specified by:
      onAuthenticationSuccess in interface ServerAuthenticationSuccessHandler
      Parameters:
      exchange - the exchange
      authentication - the Authentication
      Returns:
      a completion notification (success or error)
    • setSessionLimit

      public void setSessionLimit(SessionLimit sessionLimit)
      Sets the strategy used to resolve the maximum number of sessions that are allowed for a specific Authentication. By default, it returns 1 for any authentication.
      Parameters:
      sessionLimit - the SessionLimit to use
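
Added example (not part of the Spring Security Javadoc): wiring the handler through the constructor and `setSessionLimit` documented above, with a per-role limit in place of the default of 1. The class name `SessionLimitConfig`, the role name `ROLE_ADMIN`, and the choice of `PreventLoginServerMaximumSessionsExceededHandler` (which rejects the new login rather than expiring an older session) are assumptions of this example; the `ReactiveSessionRegistry` is assumed to be the one the application registers its sessions in.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.session.ReactiveSessionRegistry;
import org.springframework.security.web.server.authentication.ConcurrentSessionControlServerAuthenticationSuccessHandler;
import org.springframework.security.web.server.authentication.PreventLoginServerMaximumSessionsExceededHandler;
import org.springframework.security.web.server.authentication.SessionLimit;
import reactor.core.publisher.Mono;

@Configuration
public class SessionLimitConfig { // hypothetical class name

    // Resolves the limit per Authentication: two sessions for ROLE_ADMIN
    // (assumed role name), one for every other user.
    static SessionLimit roleBasedLimit() {
        return (Authentication authentication) -> {
            boolean admin = authentication.getAuthorities().stream()
                .anyMatch((a) -> "ROLE_ADMIN".equals(a.getAuthority()));
            return Mono.just(admin ? 2 : 1);
        };
    }

    @Bean
    ConcurrentSessionControlServerAuthenticationSuccessHandler concurrentSessionHandler(
            ReactiveSessionRegistry sessionRegistry) {
        // The second argument decides what happens when the limit is exceeded.
        // This example refuses the new login; that is a choice made here,
        // not the default behaviour described in the class documentation.
        ConcurrentSessionControlServerAuthenticationSuccessHandler handler =
            new ConcurrentSessionControlServerAuthenticationSuccessHandler(
                sessionRegistry, new PreventLoginServerMaximumSessionsExceededHandler());
        handler.setSessionLimit(roleBasedLimit());
        return handler;
    }
}
```

The limit is only enforced against sessions present in the supplied registry, so the handler must share the registry instance that the rest of the security configuration populates.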