Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Determining Max Sessions by Authentication #16218

Merged
merged 1 commit into from
Dec 19, 2024
Merged

Support Determining Max Sessions by Authentication #16218

merged 1 commit into from
Dec 19, 2024

Conversation

ClaudenirFreitas
Copy link

Closes gh-16206

@pivotal-cla
Copy link

@ClaudenirFreitas Please sign the Contributor License Agreement!

Click here to manually synchronize the status of this Pull Request.

See the FAQ for frequently asked questions.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Dec 5, 2024
@pivotal-cla
Copy link

@ClaudenirFreitas Thank you for signing the Contributor License Agreement!

@ClaudenirFreitas ClaudenirFreitas mentioned this pull request Dec 5, 2024
Closed
jzheaux
jzheaux requested changes Dec 5, 2024
View reviewed changes
Copy link
Contributor

@jzheaux jzheaux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for such a quick turnaround, @ClaudenirFreitas! I've left my feedback inline.

.../springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java Outdated Show resolved Hide resolved
...work/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java Outdated Show resolved Hide resolved
docs/modules/ROOT/pages/servlet/appendix/namespace/http.adoc Outdated Show resolved Hide resolved
config/src/test/java/org/springframework/security/config/doc/XsdDocumentedTests.java Outdated Show resolved Hide resolved
...ngframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java Outdated Show resolved Hide resolved
web/src/main/java/org/springframework/security/web/session/SessionLimitStrategy.java Outdated Show resolved Hide resolved
web/src/main/java/org/springframework/security/web/session/SessionLimitStrategy.java Outdated Show resolved Hide resolved
web/src/main/java/org/springframework/security/web/session/SessionLimitStrategy.java Outdated Show resolved Hide resolved
config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java Outdated Show resolved Hide resolved
@jzheaux jzheaux self-assigned this Dec 5, 2024
@jzheaux jzheaux added in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Dec 5, 2024
@jzheaux jzheaux added this to the 6.5.x milestone Dec 5, 2024
@ClaudenirFreitas
Copy link
Author

Thanks for such a quick turnaround, @ClaudenirFreitas! I've left my feedback inline.

thanks a lot, @jzheaux.
I just pushed some changes and also replied to some comments. Could you review it again?

Meanwhile, I am still working on creating some integration tests to cover the configurations via XML, ok?

jzheaux
jzheaux requested changes Dec 9, 2024
View reviewed changes
Copy link
Contributor

@jzheaux jzheaux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates, @ClaudenirFreitas! I've left some additional feedback inline.

Let me know when you have integration tests ready, and I'll take another look.

.../springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java Outdated Show resolved Hide resolved
.../springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java Outdated Show resolved Hide resolved
.../springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java Outdated Show resolved Hide resolved
...work/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java Outdated Show resolved Hide resolved
config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java Outdated Show resolved Hide resolved
...onfig/http/HttpHeadersConfigTests-DefaultsSessionManagementConcurrencyControlMaxSessions.xml Show resolved Hide resolved
@jzheaux jzheaux changed the title Address SessionLimitStrategy Support Determining Max Sessions by Authentication Dec 9, 2024
@ClaudenirFreitas
Copy link
Author

ClaudenirFreitas commented Dec 10, 2024
edited
Loading

Thanks for the updates, @ClaudenirFreitas! I've left some additional feedback inline.

Let me know when you have integration tests ready, and I'll take another look.

@jzheaux integration tests have been added.

Many tests failed due to the new release (6.5). I've updated many files on this commit, and the tests are passing now.

Silly question, is this flow correct for the new release?

@ClaudenirFreitas
Copy link
Author

Thanks for the updates, @ClaudenirFreitas! I've left some additional feedback inline.
Let me know when you have integration tests ready, and I'll take another look.

@jzheaux integration tests have been added.

Many tests failed due to the new release (6.5). I've updated many files on this commit, and the tests are passing now.

Silly question, is this flow correct for the new release?

Thanks for the updates, @ClaudenirFreitas! I've left some additional feedback inline.
Let me know when you have integration tests ready, and I'll take another look.

@jzheaux integration tests have been added.

Many tests failed due to the new release (6.5). I've updated many files on this commit, and the tests are passing now.

Silly question, is this flow correct for the new release?

@jzheaux
I just rebased this PR due to the current main changes.
I also added the unit and integration tests.
Could you review them again?

jzheaux
jzheaux requested changes Dec 14, 2024
View reviewed changes
Copy link
Contributor

@jzheaux jzheaux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just the finishing touches now! Please see my inline feedback.

Also, please squash your commits at this point and format it like so:

Add Max Sessions by Authentication

Closes gh-16206

.../springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java Outdated Show resolved Hide resolved
.../springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java Outdated Show resolved Hide resolved
@ClaudenirFreitas
Copy link
Author

ClaudenirFreitas commented Dec 14, 2024
edited
Loading

Just the finishing touches now! Please see my inline feedback.

Also, please squash your commits at this point and format it like so:

Add Max Sessions by Authentication

Closes gh-16206

@jzheaux
I had some conflicts when squashing the commits. Could use the Squash and merge option? e.g.

Screenshot 2024-12-14 at 21 47 39

@jzheaux
Copy link
Contributor

jzheaux commented Dec 17, 2024

Thanks for asking. We don't prefer to add a merge commit to the history in this case. Do you need help squashing?

@ClaudenirFreitas
Copy link
Author

ClaudenirFreitas commented Dec 17, 2024
edited
Loading

Thanks for asking. We don't prefer to add a merge commit to the history in this case. Do you need help squashing?

@jzheaux Yes, please.

@jzheaux jzheaux modified the milestones: 6.5.x, 6.5.0-M1 Dec 18, 2024
@jzheaux jzheaux merged commit 1864577 into spring-projects:main Dec 19, 2024
6 checks passed
@jzheaux
Copy link
Contributor

jzheaux commented Dec 19, 2024

Thanks for all your work on this PR, @ClaudenirFreitas! This is now merged into main. I also added a polish in 1104b45 to add Kotlin support, adjust SessionLimit's package, and add documentation.

@ClaudenirFreitas
Copy link
Author

ClaudenirFreitas commented Dec 19, 2024
edited
Loading

Thanks for all your work on this PR, @ClaudenirFreitas! This is now merged into main. I also added a polish in 1104b45 to add Kotlin support, adjust SessionLimit's package, and add documentation.

Thanks a lot for the help, @jzheaux!

We could add a sample using this config in the spring-security-samples repo, what do you think?

@ClaudenirFreitas ClaudenirFreitas deleted the gh-16206 branch December 19, 2024 21:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jzheaux jzheaux jzheaux approved these changes

Assignees

@jzheaux jzheaux

Labels
in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
Projects
Spring Security Team
Status: No status
Milestone
6.5.0-M1
Development

Successfully merging this pull request may close these issues.

Support varying maxSessions by user in Servlet
4 participants
@ClaudenirFreitas @pivotal-cla @jzheaux @spring-projects-issues