org.springframework.security.web.authentication.session

Interface SessionAuthenticationStrategy

All Known Implementing Classes:

ChangeSessionIdAuthenticationStrategy, CompositeSessionAuthenticationStrategy, ConcurrentSessionControlAuthenticationStrategy, CsrfAuthenticationStrategy, NullAuthenticatedSessionStrategy, RegisterSessionAuthenticationStrategy, SessionFixationProtectionStrategy

public interface SessionAuthenticationStrategy

Allows pluggable support for HttpSession-related behaviour when an authentication occurs.

Typical use would be to make sure a session exists or to change the session Id to guard against session-fixation attacks.

Since:

Method Summary

Modifier and Type	Method and Description
void	onAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Performs Http session-related functionality when a new authentication occurs.

Method Detail

onAuthentication

void onAuthentication(Authentication authentication,
                      javax.servlet.http.HttpServletRequest request,
                      javax.servlet.http.HttpServletResponse response)
               throws SessionAuthenticationException

Performs Http session-related functionality when a new authentication occurs.

Throws:

SessionAuthenticationException - if it is decided that the authentication is not allowed for the session. This will typically be because the user has too many sessions open at once.