Class ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec

java.lang.Object
org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec
Enclosing class:
ServerHttpSecurity.SessionManagementSpec

public class ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec extends Object
Configures how many sessions are allowed for a given user.
Since:
5.0
  • Constructor Details

    • ConcurrentSessionsSpec

      public ConcurrentSessionsSpec()
  • Method Details

    • sessionRegistry

      public ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec sessionRegistry(org.springframework.security.core.session.ReactiveSessionRegistry reactiveSessionRegistry)
      Sets the ReactiveSessionRegistry to use.
      Parameters:
      reactiveSessionRegistry - the ReactiveSessionRegistry to use
      Returns:
      the ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec to continue customizing
    • maximumSessions

      public ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec maximumSessions(org.springframework.security.web.server.authentication.SessionLimit sessionLimit)
      Sets the maximum number of sessions allowed for any user. You can use SessionLimit.of(int) to specify a positive integer or SessionLimit.UNLIMITED to allow unlimited sessions. To customize the maximum number of sessions on a per-user basis, you can provide a custom SessionLimit implementation, like so:
          http
              .sessionManagement((sessions) -> sessions
                  .concurrentSessions((concurrency) -> concurrency
                      .maximumSessions((authentication) -> {
                          if (authentication.getName().equals("admin")) {
                              return Mono.empty(); // unlimited sessions for admin
                          }
                          return Mono.just(1); // one session for every other user
                      })
                  )
              )
      
      Parameters:
      sessionLimit - the maximum number of sessions allowed for any user
      Returns:
      the ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec to continue customizing
    • maximumSessionsExceededHandler

      public ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec maximumSessionsExceededHandler(org.springframework.security.web.server.authentication.ServerMaximumSessionsExceededHandler maximumSessionsExceededHandler)
      Sets the ServerMaximumSessionsExceededHandler to use when the maximum number of sessions is exceeded.
      Parameters:
      maximumSessionsExceededHandler - the ServerMaximumSessionsExceededHandler to use
      Returns:
      the ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec to continue customizing
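
The three methods above wired together in one WebFlux configuration. This is an added example, not code from the Spring Security documentation. The class name, the "ROLE_ADMIN" authority, the limits of 1 and 3, the in-memory registry and the form-login setup are assumptions chosen for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.session.InMemoryReactiveSessionRegistry;
import org.springframework.security.core.session.ReactiveSessionRegistry;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.PreventLoginServerMaximumSessionsExceededHandler;
import org.springframework.security.web.server.authentication.SessionLimit;
import reactor.core.publisher.Mono;

@Configuration
@EnableWebFluxSecurity
public class ConcurrentSessionConfig { // hypothetical class name

    // Per-user limit keyed on a granted authority instead of the user name.
    // Assumption: privileged accounts get the tighter cap (1), everyone else 3.
    static final SessionLimit LIMIT = (authentication) -> {
        boolean admin = authentication.getAuthorities().stream()
            .anyMatch((a) -> "ROLE_ADMIN".equals(a.getAuthority()));
        return Mono.just(admin ? 1 : 3);
    };

    // Assumption: a single-node deployment, so sessions are tracked in memory.
    @Bean
    ReactiveSessionRegistry reactiveSessionRegistry() {
        return new InMemoryReactiveSessionRegistry();
    }

    @Bean
    SecurityWebFilterChain springSecurity(ServerHttpSecurity http, ReactiveSessionRegistry registry) {
        http
            .authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated())
            .formLogin(Customizer.withDefaults())
            .sessionManagement((sessions) -> sessions
                .concurrentSessions((concurrency) -> concurrency
                    .sessionRegistry(registry)
                    .maximumSessions(LIMIT)
                    // Reject the new login rather than expiring an existing session.
                    .maximumSessionsExceededHandler(new PreventLoginServerMaximumSessionsExceededHandler())
                )
            );
        return http.build();
    }
}
```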