26
26
import org .springframework .context .event .GenericApplicationListenerAdapter ;
27
27
import org .springframework .context .event .SmartApplicationListener ;
28
28
import org .springframework .security .authentication .AuthenticationTrustResolver ;
29
+ import org .springframework .security .config .Customizer ;
29
30
import org .springframework .security .config .annotation .web .HttpSecurityBuilder ;
30
31
import org .springframework .security .config .annotation .web .builders .HttpSecurity ;
31
32
import org .springframework .security .config .http .SessionCreationPolicy ;
@@ -249,6 +250,19 @@ public SessionFixationConfigurer sessionFixation() {
249
250
return new SessionFixationConfigurer ();
250
251
}
251
252
253
+ /**
254
+ * Allows configuring session fixation protection.
255
+ *
256
+ * @param sessionFixationCustomizer the {@link Customizer} to provide more options for
257
+ * the {@link SessionFixationConfigurer}
258
+ * @return the {@link SessionManagementConfigurer} for further customizations
259
+ */
260
+ public SessionManagementConfigurer <H > sessionFixation (Customizer <SessionFixationConfigurer > sessionFixationCustomizer )
261
+ throws Exception {
262
+ sessionFixationCustomizer .customize (new SessionFixationConfigurer ());
263
+ return this ;
264
+ }
265
+
252
266
/**
253
267
* Controls the maximum number of sessions for a user. The default is to allow any
254
268
* number of users.
@@ -260,6 +274,20 @@ public ConcurrencyControlConfigurer maximumSessions(int maximumSessions) {
260
274
return new ConcurrencyControlConfigurer ();
261
275
}
262
276
277
+ /**
278
+ * Controls the maximum number of sessions for a user. The default is to allow any
279
+ * number of users.
280
+ *
281
+ * @param sessionConcurrencyCustomizer the {@link Customizer} to provide more options for
282
+ * the {@link ConcurrencyControlConfigurer}
283
+ * @return the {@link SessionManagementConfigurer} for further customizations
284
+ */
285
+ public SessionManagementConfigurer <H > sessionConcurrency (Customizer <ConcurrencyControlConfigurer > sessionConcurrencyCustomizer )
286
+ throws Exception {
287
+ sessionConcurrencyCustomizer .customize (new ConcurrencyControlConfigurer ());
288
+ return this ;
289
+ }
290
+
263
291
/**
264
292
* Invokes {@link #postProcess(Object)} and sets the
265
293
* {@link SessionAuthenticationStrategy} for session fixation.
@@ -338,6 +366,18 @@ public SessionManagementConfigurer<H> none() {
338
366
*/
339
367
public final class ConcurrencyControlConfigurer {
340
368
369
+ /**
370
+ * Controls the maximum number of sessions for a user. The default is to allow any
371
+ * number of users.
372
+ *
373
+ * @param maximumSessions the maximum number of sessions for a user
374
+ * @return the {@link ConcurrencyControlConfigurer} for further customizations
375
+ */
376
+ public ConcurrencyControlConfigurer maximumSessions (int maximumSessions ) {
377
+ SessionManagementConfigurer .this .maximumSessions = maximumSessions ;
378
+ return this ;
379
+ }
380
+
341
381
/**
342
382
* The URL to redirect to if a user tries to access a resource and their session
343
383
* has been expired due to too many sessions for the current user. The default is
0 commit comments