org.springframework.security.web.authentication.session
Interface SessionAuthenticationStrategy

All Known Implementing Classes:
ConcurrentSessionControlStrategy, NullAuthenticatedSessionStrategy, SessionFixationProtectionStrategy

public interface SessionAuthenticationStrategy

Allows pluggable support for HttpSession-related behaviour when an authentication occurs.

Typical use would be to make sure a session exists or to change the session Id to guard against session-fixation attacks.

Since:
Version:
$Id: SessionAuthenticationStrategy.java 3921 2009-10-05 16:40:32Z ltaylor $
Author:
Luke Taylor

Method Summary
 void onAuthentication(Authentication authentication, HttpServletRequest request, HttpServletResponse response)
          Performs Http session-related functionality when a new authentication occurs.
 

Method Detail

onAuthentication

void onAuthentication(Authentication authentication,
                      HttpServletRequest request,
                      HttpServletResponse response)
                      throws SessionAuthenticationException
Performs Http session-related functionality when a new authentication occurs.

Throws:
SessionAuthenticationException - if it is decided that the authentication is not allowed for the session. This will typically be because the user has too many sessions open at once.


Copyright © 2004-2009 SpringSource, Inc. All Rights Reserved.