public class RegisterSessionAuthenticationStrategy extends Object implements SessionAuthenticationStrategy
SessionRegistry
after
successful Authentication
.
RegisterSessionAuthenticationStrategy
is typically used in
combination with CompositeSessionAuthenticationStrategy
and
ConcurrentSessionControlAuthenticationStrategy
, but can be used on
its own if tracking of sessions is desired but no need to control
concurrency.
SessionRegistry
it is important that all sessions
(including timed out sessions) are removed. This is typically done by adding
HttpSessionEventPublisher
.CompositeSessionAuthenticationStrategy
Constructor and Description |
---|
RegisterSessionAuthenticationStrategy(SessionRegistry sessionRegistry) |
Modifier and Type | Method and Description |
---|---|
void |
onAuthentication(Authentication authentication,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
In addition to the steps from the superclass, the sessionRegistry will be updated with the new session information.
|
public RegisterSessionAuthenticationStrategy(SessionRegistry sessionRegistry)
sessionRegistry
- the session registry which should be updated when the authenticated session is changed.public void onAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
onAuthentication
in interface SessionAuthenticationStrategy