Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.web.authentication.session
Interface SessionAuthenticationStrategy

All Known Implementing Classes:
ChangeSessionIdAuthenticationStrategy, CompositeSessionAuthenticationStrategy, ConcurrentSessionControlAuthenticationStrategy, ConcurrentSessionControlStrategy, CsrfAuthenticationStrategy, NullAuthenticatedSessionStrategy, RegisterSessionAuthenticationStrategy, SessionFixationProtectionStrategy
public interface SessionAuthenticationStrategy

Allows pluggable support for HttpSession-related behaviour when an authentication occurs.

Typical use would be to make sure a session exists or to change the session Id to guard against session-fixation attacks.

Since:

Method Summary
 void onAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Performs Http session-related functionality when a new authentication occurs.
 

Method Detail

onAuthentication

void onAuthentication(Authentication authentication,
                      javax.servlet.http.HttpServletRequest request,
                      javax.servlet.http.HttpServletResponse response)
                      throws SessionAuthenticationException
Performs Http session-related functionality when a new authentication occurs.

Throws:
SessionAuthenticationException - if it is decided that the authentication is not allowed for the session. This will typically be because the user has too many sessions open at once.
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD