CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/maven-org-springframework-security--spring-security-web

Spring Security Web module provides comprehensive web security features for Spring-based applications, including servlet-based authentication, authorization, CSRF protection, session management, and security filter chain implementation

Pending
Overview
Eval results
Files

session-management.mddocs/

Session Management

Spring Security Web's session management provides HTTP session security controls including concurrent session management, session fixation protection, and invalid session handling.

Core Session Management Components

public class SessionManagementFilter extends GenericFilterBean {
    public void setInvalidSessionStrategy(InvalidSessionStrategy invalidSessionStrategy);
    public void setSessionInformationExpiredStrategy(SessionInformationExpiredStrategy sessionInformationExpiredStrategy);
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain);
}

public interface InvalidSessionStrategy {
    void onInvalidSessionDetected(HttpServletRequest request, HttpServletResponse response) 
        throws IOException, ServletException;
}

public class SimpleRedirectInvalidSessionStrategy implements InvalidSessionStrategy {
    public SimpleRedirectInvalidSessionStrategy(String destinationUrl);
    public void setCreateNewSession(boolean createNewSession);
}

public class ConcurrentSessionFilter extends GenericFilterBean {
    public ConcurrentSessionFilter(SessionRegistry sessionRegistry, SessionInformationExpiredStrategy expiredSessionStrategy);
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain);
}

Usage Examples

// Basic session management
SessionManagementFilter sessionFilter = new SessionManagementFilter(repository);
sessionFilter.setInvalidSessionStrategy(
    new SimpleRedirectInvalidSessionStrategy("/login?expired")
);

// Concurrent session control
ConcurrentSessionFilter concurrentFilter = new ConcurrentSessionFilter(
    sessionRegistry,
    new SimpleRedirectSessionInformationExpiredStrategy("/login?concurrent")
);

Install with Tessl CLI

npx tessl i tessl/maven-org-springframework-security--spring-security-web

docs

access-control.md

authentication.md

csrf.md

filter-chain.md

firewall.md

index.md

reactive.md

security-context.md

session-management.md

utilities.md

tile.json