1 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited 2 * 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 package org.springframework.security.concurrent; 17 18 import org.springframework.security.Authentication; 19 import org.springframework.security.AuthenticationException; 20 21 22 /** 23 * Provides two methods that can be called by an {@link 24 * org.springframework.security.AuthenticationManager} to integrate with the 25 * concurrent session handling infrastructure. 26 * 27 * @author Ben Alex 28 * @version $Id: ConcurrentSessionController.java 2217 2007-10-27 00:45:30Z luke_t $ 29 */ 30 public interface ConcurrentSessionController { 31 //~ Methods ======================================================================================================== 32 33 /** 34 * Called by any class that wishes to know whether the current authentication request should be permitted. 35 * Generally callers will be <code>AuthenticationManager</code>s before they authenticate, but could equally 36 * include <code>Filter</code>s or other interceptors that wish to confirm the ongoing validity of a previously 37 * authenticated <code>Authentication</code>.<p>The implementation should throw a suitable exception if the 38 * user has exceeded their maximum allowed concurrent sessions.</p> 39 * 40 * @param request the authentication request (never <code>null</code>) 41 * 42 * @throws AuthenticationException if the user has exceeded their maximum allowed current sessions 43 */ 44 void checkAuthenticationAllowed(Authentication request) 45 throws AuthenticationException; 46 47 /** 48 * Called by an <code>AuthenticationManager</code> when the authentication was successful. An 49 * implementation is expected to register the authenticated user in some sort of registry, for future concurrent 50 * tracking via the {@link #checkAuthenticationAllowed(Authentication)} method. 51 * 52 * @param authentication the successfully authenticated user (never <code>null</code>) 53 */ 54 void registerSuccessfulAuthentication(Authentication authentication); 55 }