public class RegisterSessionAuthenticationStrategy extends Object implements SessionAuthenticationStrategy
SessionRegistry after
successful Authentication.
RegisterSessionAuthenticationStrategy is typically used in
combination with CompositeSessionAuthenticationStrategy and
ConcurrentSessionControlAuthenticationStrategy, but can be used on
its own if tracking of sessions is desired but no need to control
concurrency.
SessionRegistry it is important that all sessions
(including timed out sessions) are removed. This is typically done by adding
HttpSessionEventPublisher.CompositeSessionAuthenticationStrategy| Constructor and Description |
|---|
RegisterSessionAuthenticationStrategy(SessionRegistry sessionRegistry) |
| Modifier and Type | Method and Description |
|---|---|
void |
onAuthentication(Authentication authentication,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
In addition to the steps from the superclass, the sessionRegistry will be updated with the new session information.
|
public RegisterSessionAuthenticationStrategy(SessionRegistry sessionRegistry)
sessionRegistry - the session registry which should be updated when the authenticated session is changed.public void onAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
onAuthentication in interface SessionAuthenticationStrategy