public class RegisterSessionAuthenticationStrategy extends Object implements SessionAuthenticationStrategy
SessionRegistry
after successful
Authentication
.
RegisterSessionAuthenticationStrategy
is typically used in combination with
CompositeSessionAuthenticationStrategy
and
ConcurrentSessionControlAuthenticationStrategy
, but can be used on its own if
tracking of sessions is desired but no need to control concurrency.
NOTE: When using a SessionRegistry
it is important that all sessions (including
timed out sessions) are removed. This is typically done by adding
HttpSessionEventPublisher
.
CompositeSessionAuthenticationStrategy
Constructor and Description |
---|
RegisterSessionAuthenticationStrategy(SessionRegistry sessionRegistry) |
Modifier and Type | Method and Description |
---|---|
void |
onAuthentication(Authentication authentication,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
In addition to the steps from the superclass, the sessionRegistry will be updated
with the new session information.
|
public RegisterSessionAuthenticationStrategy(SessionRegistry sessionRegistry)
sessionRegistry
- the session registry which should be updated when the
authenticated session is changed.public void onAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
onAuthentication
in interface SessionAuthenticationStrategy