1
0
mirror of synced 2026-07-19 09:35:12 +00:00

SEC-1754: Added an InvalidSessionStrategy to allow SessionManagementFilter to delegate out the behaviour when an invalid session identifier is submitted.

This commit is contained in:
Luke Taylor
2011-07-14 16:29:43 +01:00
parent ac3d8b25f2
commit a1c714cff4
8 changed files with 101 additions and 33 deletions
@@ -404,6 +404,14 @@
configured <classname>DefaultSessionAuthenticationStrategy</classname>. See the
Javadoc for this class for more details. </para>
</section>
<section xml:id="nsa-invalid-session-url">
<title><literal>invalid-session-url</literal></title>
<para>Setting this attribute will inject the <classname>SessionManagementFilter</classname>
with a <classname>SimpleRedirectInvalidSessionStrategy</classname> configured with
the attribute value. When an invalid session ID is submitted, the strategy will be invoked,
redirecting to the configured URL.
</para>
</section>
</section>
<section xml:id="nsa-concurrent-session-control">
<title>The <literal>&lt;concurrency-control&gt;</literal> Element</title>
+6 -4
View File
@@ -28,10 +28,12 @@
invoke the configured
<interfacename>SessionAuthenticationStrategy</interfacename>.</para>
<para>If the user is not currently authenticated, the filter will check whether an invalid
session ID has been requested (because of a timeout, for example) and will redirect to
the configured <literal>invalidSessionUrl</literal> if set. The easiest way to configure
this is through the namespace, <link xlink:href="#ns-session-mgmt">as described
earlier</link>.</para>
session ID has been requested (because of a timeout, for example) and will invoke the configured
<interfacename>InvalidSessionStrategy</interfacename>, if one is set. The most common behaviour
is just to redirect to a fixed URL and this is encapsulated in the standard implementation
<classname>SimpleRedirectInvalidSessionStrategy</classname>. The latter is also used
when configuring an invalid session URL through the namespace,
<link xlink:href="#ns-session-mgmt">as described earlier</link>.</para>
</section>
<section>
<title><interfacename>SessionAuthenticationStrategy</interfacename></title>