public interface SessionAuthenticationStrategy
Typical use would be to make sure a session exists or to change the session Id to guard against session-fixation attacks.
Modifier and Type | Method and Description |
---|---|
void |
onAuthentication(Authentication authentication,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Performs Http session-related functionality when a new authentication occurs.
|
void onAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws SessionAuthenticationException
SessionAuthenticationException
- if it is decided that the authentication is not allowed for the session.
This will typically be because the user has too many sessions open at once.