Extend Spring MVC class
I'm trying to extend a Spring MVC class which is the ConcurrentSessionControlAuthenticationStrategy
and override the getMaximumSessionsForThisUser
method with my own implementation.
How do I register or communicate to Spring to use my implementation of it's method rather than it's own?
spring spring-mvc spring-security
add a comment |
I'm trying to extend a Spring MVC class which is the ConcurrentSessionControlAuthenticationStrategy
and override the getMaximumSessionsForThisUser
method with my own implementation.
How do I register or communicate to Spring to use my implementation of it's method rather than it's own?
spring spring-mvc spring-security
add a comment |
I'm trying to extend a Spring MVC class which is the ConcurrentSessionControlAuthenticationStrategy
and override the getMaximumSessionsForThisUser
method with my own implementation.
How do I register or communicate to Spring to use my implementation of it's method rather than it's own?
spring spring-mvc spring-security
I'm trying to extend a Spring MVC class which is the ConcurrentSessionControlAuthenticationStrategy
and override the getMaximumSessionsForThisUser
method with my own implementation.
How do I register or communicate to Spring to use my implementation of it's method rather than it's own?
spring spring-mvc spring-security
spring spring-mvc spring-security
edited Nov 21 '18 at 15:50
dur
7,890134266
7,890134266
asked Nov 21 '18 at 15:24
AbuBakar KhanAbuBakar Khan
10312
10312
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
For XML configuration, see Spring Security Reference:
21.2 SessionAuthenticationStrategy
SessionAuthenticationStrategy
is used by bothSessionManagementFilter
andAbstractAuthenticationProcessingFilter
, so if you are using a customized form-login class, for example, you will need to inject it into both of these. In this case, a typical configuration, combining the namespace and custom beans might look like this:
<http>
<custom-filter position="FORM_LOGIN_FILTER" ref="myAuthFilter" />
<session-management session-authentication-strategy-ref="sas"/>
</http>
<beans:bean id="myAuthFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="sessionAuthenticationStrategy" ref="sas" />
...
</beans:bean>
<beans:bean id="sas" class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy" />
For Java configuration, see SessionManagementConfigurer#sessionAuthenticationStrategy
:
public SessionManagementConfigurer<H> sessionAuthenticationStrategy(SessionAuthenticationStrategy sessionAuthenticationStrategy)
Allows explicitly specifying the
SessionAuthenticationStrategy
. The default is to useSessionFixationProtectionStrategy
. If restricting the maximum number of sessions is configured, thenCompositeSessionAuthenticationStrategy
delegating toConcurrentSessionControlAuthenticationStrategy
,SessionFixationProtectionStrategy
(the default) ORSessionAuthenticationStrategy
the supplied sessionAuthenticationStrategy,RegisterSessionAuthenticationStrategy
. NOTE: Supplying a customSessionAuthenticationStrategy
will override the default providedSessionFixationProtectionStrategy
.
So that means I will have to refer the session management in spring security to use my own session authentication strategy which will be my XYZ class which extends ConcurrentSessionControlAuthenticationStrategy.
– AbuBakar Khan
Nov 21 '18 at 16:03
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53415275%2fextend-spring-mvc-class%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
For XML configuration, see Spring Security Reference:
21.2 SessionAuthenticationStrategy
SessionAuthenticationStrategy
is used by bothSessionManagementFilter
andAbstractAuthenticationProcessingFilter
, so if you are using a customized form-login class, for example, you will need to inject it into both of these. In this case, a typical configuration, combining the namespace and custom beans might look like this:
<http>
<custom-filter position="FORM_LOGIN_FILTER" ref="myAuthFilter" />
<session-management session-authentication-strategy-ref="sas"/>
</http>
<beans:bean id="myAuthFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="sessionAuthenticationStrategy" ref="sas" />
...
</beans:bean>
<beans:bean id="sas" class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy" />
For Java configuration, see SessionManagementConfigurer#sessionAuthenticationStrategy
:
public SessionManagementConfigurer<H> sessionAuthenticationStrategy(SessionAuthenticationStrategy sessionAuthenticationStrategy)
Allows explicitly specifying the
SessionAuthenticationStrategy
. The default is to useSessionFixationProtectionStrategy
. If restricting the maximum number of sessions is configured, thenCompositeSessionAuthenticationStrategy
delegating toConcurrentSessionControlAuthenticationStrategy
,SessionFixationProtectionStrategy
(the default) ORSessionAuthenticationStrategy
the supplied sessionAuthenticationStrategy,RegisterSessionAuthenticationStrategy
. NOTE: Supplying a customSessionAuthenticationStrategy
will override the default providedSessionFixationProtectionStrategy
.
So that means I will have to refer the session management in spring security to use my own session authentication strategy which will be my XYZ class which extends ConcurrentSessionControlAuthenticationStrategy.
– AbuBakar Khan
Nov 21 '18 at 16:03
add a comment |
For XML configuration, see Spring Security Reference:
21.2 SessionAuthenticationStrategy
SessionAuthenticationStrategy
is used by bothSessionManagementFilter
andAbstractAuthenticationProcessingFilter
, so if you are using a customized form-login class, for example, you will need to inject it into both of these. In this case, a typical configuration, combining the namespace and custom beans might look like this:
<http>
<custom-filter position="FORM_LOGIN_FILTER" ref="myAuthFilter" />
<session-management session-authentication-strategy-ref="sas"/>
</http>
<beans:bean id="myAuthFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="sessionAuthenticationStrategy" ref="sas" />
...
</beans:bean>
<beans:bean id="sas" class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy" />
For Java configuration, see SessionManagementConfigurer#sessionAuthenticationStrategy
:
public SessionManagementConfigurer<H> sessionAuthenticationStrategy(SessionAuthenticationStrategy sessionAuthenticationStrategy)
Allows explicitly specifying the
SessionAuthenticationStrategy
. The default is to useSessionFixationProtectionStrategy
. If restricting the maximum number of sessions is configured, thenCompositeSessionAuthenticationStrategy
delegating toConcurrentSessionControlAuthenticationStrategy
,SessionFixationProtectionStrategy
(the default) ORSessionAuthenticationStrategy
the supplied sessionAuthenticationStrategy,RegisterSessionAuthenticationStrategy
. NOTE: Supplying a customSessionAuthenticationStrategy
will override the default providedSessionFixationProtectionStrategy
.
So that means I will have to refer the session management in spring security to use my own session authentication strategy which will be my XYZ class which extends ConcurrentSessionControlAuthenticationStrategy.
– AbuBakar Khan
Nov 21 '18 at 16:03
add a comment |
For XML configuration, see Spring Security Reference:
21.2 SessionAuthenticationStrategy
SessionAuthenticationStrategy
is used by bothSessionManagementFilter
andAbstractAuthenticationProcessingFilter
, so if you are using a customized form-login class, for example, you will need to inject it into both of these. In this case, a typical configuration, combining the namespace and custom beans might look like this:
<http>
<custom-filter position="FORM_LOGIN_FILTER" ref="myAuthFilter" />
<session-management session-authentication-strategy-ref="sas"/>
</http>
<beans:bean id="myAuthFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="sessionAuthenticationStrategy" ref="sas" />
...
</beans:bean>
<beans:bean id="sas" class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy" />
For Java configuration, see SessionManagementConfigurer#sessionAuthenticationStrategy
:
public SessionManagementConfigurer<H> sessionAuthenticationStrategy(SessionAuthenticationStrategy sessionAuthenticationStrategy)
Allows explicitly specifying the
SessionAuthenticationStrategy
. The default is to useSessionFixationProtectionStrategy
. If restricting the maximum number of sessions is configured, thenCompositeSessionAuthenticationStrategy
delegating toConcurrentSessionControlAuthenticationStrategy
,SessionFixationProtectionStrategy
(the default) ORSessionAuthenticationStrategy
the supplied sessionAuthenticationStrategy,RegisterSessionAuthenticationStrategy
. NOTE: Supplying a customSessionAuthenticationStrategy
will override the default providedSessionFixationProtectionStrategy
.
For XML configuration, see Spring Security Reference:
21.2 SessionAuthenticationStrategy
SessionAuthenticationStrategy
is used by bothSessionManagementFilter
andAbstractAuthenticationProcessingFilter
, so if you are using a customized form-login class, for example, you will need to inject it into both of these. In this case, a typical configuration, combining the namespace and custom beans might look like this:
<http>
<custom-filter position="FORM_LOGIN_FILTER" ref="myAuthFilter" />
<session-management session-authentication-strategy-ref="sas"/>
</http>
<beans:bean id="myAuthFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="sessionAuthenticationStrategy" ref="sas" />
...
</beans:bean>
<beans:bean id="sas" class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy" />
For Java configuration, see SessionManagementConfigurer#sessionAuthenticationStrategy
:
public SessionManagementConfigurer<H> sessionAuthenticationStrategy(SessionAuthenticationStrategy sessionAuthenticationStrategy)
Allows explicitly specifying the
SessionAuthenticationStrategy
. The default is to useSessionFixationProtectionStrategy
. If restricting the maximum number of sessions is configured, thenCompositeSessionAuthenticationStrategy
delegating toConcurrentSessionControlAuthenticationStrategy
,SessionFixationProtectionStrategy
(the default) ORSessionAuthenticationStrategy
the supplied sessionAuthenticationStrategy,RegisterSessionAuthenticationStrategy
. NOTE: Supplying a customSessionAuthenticationStrategy
will override the default providedSessionFixationProtectionStrategy
.
edited Nov 21 '18 at 15:47
answered Nov 21 '18 at 15:40
durdur
7,890134266
7,890134266
So that means I will have to refer the session management in spring security to use my own session authentication strategy which will be my XYZ class which extends ConcurrentSessionControlAuthenticationStrategy.
– AbuBakar Khan
Nov 21 '18 at 16:03
add a comment |
So that means I will have to refer the session management in spring security to use my own session authentication strategy which will be my XYZ class which extends ConcurrentSessionControlAuthenticationStrategy.
– AbuBakar Khan
Nov 21 '18 at 16:03
So that means I will have to refer the session management in spring security to use my own session authentication strategy which will be my XYZ class which extends ConcurrentSessionControlAuthenticationStrategy.
– AbuBakar Khan
Nov 21 '18 at 16:03
So that means I will have to refer the session management in spring security to use my own session authentication strategy which will be my XYZ class which extends ConcurrentSessionControlAuthenticationStrategy.
– AbuBakar Khan
Nov 21 '18 at 16:03
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53415275%2fextend-spring-mvc-class%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown