How to subclass concurency control in spring, and what exception is thrown?

Right now in Spring security I have this code:

<session-management>
    <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</session-management>

If someone attempts to start a concurrent session, an exception is thrown. The way my application handles exceptions is by catching them and then throwing a custom exception that will be displayed to the user. My question is two-part.

First, and most importantly, how do I create a custom class that can be given to session management so that it can catch the old exception and throw the new? It seems to me that I need to subclass concurrency-control, and make a bean of some sort within my security context, but I am not sure how to do that.

Second, what is the name of the exception that will be thrown (the one I need to catch)? My guess is that it will be an AccessDeniedException, but I am unsure. This is not as important as the first question, because once I know the correct class I must subclass, I will know what exceptions it could be.

Thanks for the help,

Mirrore开发者_运维知识库dFate

Ahh... I have found my answer.

I subclassed ConcurrentSessionControlStrategy, and over-rode the method allowableSessionsExceeded. This method throws a SessionAuthenticationException, who's message I changed before throwing it again. I had to add this code:

<security:session-management session-authentication-strategy-ref="ccc"/>

<beans:bean id="ccc"
    class="com.lim.lds.client.sqlloader.security.CustomConcurrencyControl">
    <beans:constructor-arg name="sessionRegistry"
        ref="sessionRegistry" />
    <beans:property name="maximumSessions" value="1" />
</beans:bean>

<beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />

to my spring-security.xml file.

I hope this helps anyone in a similar situation!