CompositeSessionAuthenticationStrategy (Spring Security 3.2.0.RC1 API)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.web.authentication.session
Class CompositeSessionAuthenticationStrategy

java.lang.Object
  org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy

All Implemented Interfaces:: SessionAuthenticationStrategy

public class CompositeSessionAuthenticationStrategy
extends Object
implements SessionAuthenticationStrategy
extends Object
implements SessionAuthenticationStrategy

A SessionAuthenticationStrategy that accepts multiple SessionAuthenticationStrategy implementations to delegate to. Each SessionAuthenticationStrategy is invoked in turn. The invocations are short circuited if any exception, (i.e. SessionAuthenticationException) is thrown.

Typical usage would include having the following delegates (in this order)

ConcurrentSessionControlAuthenticationStrategy - verifies that a user is allowed to authenticate (i.e. they have not already logged into the application.
SessionFixationProtectionStrategy - If session fixation is desired, SessionFixationProtectionStrategy should be after ConcurrentSessionControlAuthenticationStrategy to prevent unnecessary HttpSession creation if the ConcurrentSessionControlAuthenticationStrategy rejects authentication.
RegisterSessionAuthenticationStrategy - It is important this is after SessionFixationProtectionStrategy so that the correct session is registered.

Since:: 3.2

Constructor Summary
`CompositeSessionAuthenticationStrategy(List<SessionAuthenticationStrategy> delegateStrategies)`

Method Summary
`void`	`onAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` Performs Http session-related functionality when a new authentication occurs.
`String`	`toString()`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait`

Constructor Detail

CompositeSessionAuthenticationStrategy

public CompositeSessionAuthenticationStrategy(List<SessionAuthenticationStrategy> delegateStrategies)

Method Detail

onAuthentication

public void onAuthentication(Authentication authentication,
                             javax.servlet.http.HttpServletRequest request,
                             javax.servlet.http.HttpServletResponse response)
                      throws SessionAuthenticationException

Description copied from interface: SessionAuthenticationStrategy

Performs Http session-related functionality when a new authentication occurs.

Specified by:: onAuthentication in interface SessionAuthenticationStrategy

Throws:: SessionAuthenticationException - if it is decided that the authentication is not allowed for the session. This will typically be because the user has too many sessions open at once.

toString

public String toString()

Overrides:: toString in class Object