org.springframework.security.web.authentication.session.SessionAuthenticationStrategy Java Examples

The following examples show how to use org.springframework.security.web.authentication.session.SessionAuthenticationStrategy. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: TokenAuthFilterConfigurer.java    From haven-platform with Apache License 2.0 6 votes vote down vote up
@Override
public void configure(H http) throws Exception {

    AuthenticationTokenFilter af = getAuthenticationFilter();
    if(authenticationDetailsSource != null) {
        af.setAuthenticationDetailsSource(authenticationDetailsSource);
    }
    af.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
    af.setAuthenticationSuccessHandler(new AuthenticationStubSuccessHandler());
    SessionAuthenticationStrategy sessionAuthenticationStrategy = http.getSharedObject(SessionAuthenticationStrategy.class);
    if(sessionAuthenticationStrategy != null) {
        af.setSessionAuthenticationStrategy(sessionAuthenticationStrategy);
    }
    AuthenticationTokenFilter filter = postProcess(af);
    filter.setContinueChainAfterSuccessfulAuthentication(true);
    http.addFilterBefore(filter, BasicAuthenticationFilter.class);
}
 
Example #2
Source File: SessionConfig.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
/**
     * sessionAuthenticationStrategy does not work in JavaConfig
     * @param sessionRegistry
     * @return
     */
//    @Bean
    public SessionAuthenticationStrategy sessionAuthenticationStrategy(SessionRegistry sessionRegistry){
        return new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry){{
            setMaximumSessions(-1);
        }};
    }
 
Example #3
Source File: SessionConfig.java    From Spring-Security-Third-Edition with MIT License 4 votes vote down vote up
@Bean
public SessionManagementFilter sessionManagementFilter(SecurityContextRepository securityContextRepository,
                                                       SessionAuthenticationStrategy sessionAuthenticationStrategy){
    return new SessionManagementFilter(securityContextRepository, sessionAuthenticationStrategy);
}
 
Example #4
Source File: SpringAuthManager.java    From jdal with Apache License 2.0 4 votes vote down vote up
/**
 * @param sessionStrategy the sessionStrategy to set
 */
public void setSessionStrategy(SessionAuthenticationStrategy sessionStrategy) {
	this.sessionStrategy = sessionStrategy;
}
 
Example #5
Source File: SpringAuthManager.java    From jdal with Apache License 2.0 4 votes vote down vote up
/**
 * @return the sessionStrategy
 */
public SessionAuthenticationStrategy getSessionStrategy() {
	return sessionStrategy;
}
 
Example #6
Source File: SecurityConfig.java    From tutorials with MIT License 4 votes vote down vote up
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
    return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}
 
Example #7
Source File: SecurityConfig.java    From keycloak-user-migration-provider with Apache License 2.0 4 votes vote down vote up
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
    return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}
 
Example #8
Source File: WebSessionConfiguration.java    From cola with MIT License 4 votes vote down vote up
@Bean
public SessionAuthenticationStrategy sessionAuthenticationStrategy(SessionRegistry sessionRegistry) {
	return new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry);
}
 
Example #9
Source File: SessionConfig.java    From Spring-Security-Third-Edition with MIT License 4 votes vote down vote up
/**
 * sessionAuthenticationStrategy does not work in JavaConfig
 * @param sessionRegistry
 * @return
 */
@Bean
public SessionAuthenticationStrategy sessionAuthenticationStrategy(SessionRegistry sessionRegistry){
    return new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry){{
        setMaximumSessions(-1);
    }};
}
 
Example #10
Source File: SecurityConfig.java    From teiid-spring-boot with Apache License 2.0 4 votes vote down vote up
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
    return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}
 
Example #11
Source File: AtlasSecurityConfig.java    From atlas with Apache License 2.0 4 votes vote down vote up
@Bean
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
    return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}
 
Example #12
Source File: SsoSecurityConfigurer.java    From spring-security-oauth2-boot with Apache License 2.0 4 votes vote down vote up
@Override
public void configure(HttpSecurity builder) throws Exception {
	OAuth2ClientAuthenticationProcessingFilter ssoFilter = this.filter;
	ssoFilter.setSessionAuthenticationStrategy(builder.getSharedObject(SessionAuthenticationStrategy.class));
	builder.addFilterAfter(ssoFilter, AbstractPreAuthenticatedProcessingFilter.class);
}
 
Example #13
Source File: PersonApplication.java    From blog with Apache License 2.0 4 votes vote down vote up
/**
 * Provide a session authentication strategy bean which should be of type
 * RegisterSessionAuthenticationStrategy for public or confidential applications
 * and NullAuthenticatedSessionStrategy for bearer-only applications.
 */
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
    return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}
 
Example #14
Source File: PersonApplication.java    From blog with Apache License 2.0 4 votes vote down vote up
/**
 * Provide a session authentication strategy bean which should be of type
 * RegisterSessionAuthenticationStrategy for public or confidential applications
 * and NullAuthenticatedSessionStrategy for bearer-only applications.
 */
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
    return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}
 
Example #15
Source File: SecurityConfig.java    From devconf2019-authz with Apache License 2.0 4 votes vote down vote up
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
    return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}
 
Example #16
Source File: KerberosAuthenticationProcessingFilter.java    From cxf-fediz with Apache License 2.0 2 votes vote down vote up
/**
 * The session handling strategy which will be invoked immediately after an authentication request is
 * successfully processed by the <tt>AuthenticationManager</tt>. Used, for example, to handle changing of the
 * session identifier to prevent session fixation attacks.
 *
 * @param sessionAuthStrategy the implementation to use. If not set a null implementation is
 * used.
 */
public void setSessionAuthenticationStrategy(SessionAuthenticationStrategy sessionAuthStrategy) {
    this.sessionStrategy = sessionAuthStrategy;
}
 
Example #17
Source File: KeycloakWebSecurityConfigurerAdapter.java    From keycloak with Apache License 2.0 votes vote down vote up
protected abstract SessionAuthenticationStrategy sessionAuthenticationStrategy();