Spring Security
  1. Spring Security
  2. SEC-879

Add BeanPostProcessor to check that SessionRegistry is set on AbstractProcessingFilter etc when using custom ConcurrentSessionController

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.0.2
    • Fix Version/s: 2.0.3
    • Component/s: Namespace
    • Labels:
      None

      Description

      The use of a custom controller means that all the concurrent session beans have to be externally configured and thus the namespace registered beans don't know about them and have to be explicitly configured too (using traditional bean syntax). A post processor could attempt to resolve the missing references (to the session registry) and set them on the namespace beans (AuthenticationProcessingFilter, SessionFixationProtectionFilter etc)

        Activity

        Hide
        Luke Taylor added a comment -

        I've added SessionRegsitryInjectionBeanPostProcessor class, which is registered if the concurrent-session-controller-ref attribute is used with the namespace authentication-manager element.

        It checks for a SessionFixationProtectionFilter, OpenID filter or AuthenticationProcessingFilter registeed by the namespace and injects the SessionRegistry into any of these. The registry bean is obtained from the controller if possible, or directly from the bean factory.

        Show
        Luke Taylor added a comment - I've added SessionRegsitryInjectionBeanPostProcessor class, which is registered if the concurrent-session-controller-ref attribute is used with the namespace authentication-manager element. It checks for a SessionFixationProtectionFilter, OpenID filter or AuthenticationProcessingFilter registeed by the namespace and injects the SessionRegistry into any of these. The registry bean is obtained from the controller if possible, or directly from the bean factory.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Luke Taylor
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: