From feb790ea83608ffa8bf156165575b042c389c118 Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Thu, 31 Jan 2008 16:25:50 +0000
Subject: [PATCH] SEC-486: Added determineExpiredUrl method to ConcurrentSessionFilter
---
 .../security/concurrent/ConcurrentSessionFilter.java | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/core/src/main/java/org/springframework/security/concurrent/ConcurrentSessionFilter.java b/core/src/main/java/org/springframework/security/concurrent/ConcurrentSessionFilter.java
index 2778f8dee6..3f96121660 100644
--- a/core/src/main/java/org/springframework/security/concurrent/ConcurrentSessionFilter.java
+++ b/core/src/main/java/org/springframework/security/concurrent/ConcurrentSessionFilter.java
@@ -75,8 +75,10 @@ public class ConcurrentSessionFilter extends SpringSecurityFilter implements Ini
 // Expired - abort processing
 doLogout(request, response);
- if (expiredUrl != null) {
- String targetUrl = request.getContextPath() + expiredUrl;
+ String targetUrl = determineExpiredUrl(request, info);
+
+ if (targetUrl != null) {
+ targetUrl = request.getContextPath() + targetUrl;
 response.sendRedirect(response.encodeRedirectURL(targetUrl));
 } else {
 response.getWriter().print("This session has been expired (possibly due to multiple concurrent " +
@@ -95,6 +97,10 @@ public class ConcurrentSessionFilter extends SpringSecurityFilter implements Ini
 chain.doFilter(request, response);
 }
+ protected String determineExpiredUrl(HttpServletRequest request, SessionInformation info) {
+ return expiredUrl;
+ }
+
 private void doLogout(HttpServletRequest request, HttpServletResponse response) {
 Authentication auth = SecurityContextHolder.getContext().getAuthentication();
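Review bot: In the first hunk the redirect target is now whatever `determineExpiredUrl(request, info)` returns, and it is appended to `request.getContextPath()` and passed to `response.sendRedirect(...)` with no check on its shape. The hook itself, added in the second hunk, has no Javadoc, so the contract that keeps this safe is unstated. I would document it there, for example `/** Returns the context-relative URL (starting with "/") to redirect to for an expired session, or null to write the default message; must not be built from unvalidated request data. */`. The hook is also called after `doLogout(request, response)`, so an override presumably cannot rely on session or security-context state at that point. doLogout's body lies mostly outside the diff, so that ordering constraint should be confirmed and noted in the same comment.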