SessionAuthenticationStrategy

Skip navigation links

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

All Known Implementing Classes:

ChangeSessionIdAuthenticationStrategy, CompositeSessionAuthenticationStrategy, ConcurrentSessionControlAuthenticationStrategy, CsrfAuthenticationStrategy, NullAuthenticatedSessionStrategy, RegisterSessionAuthenticationStrategy, SessionFixationProtectionStrategy
```
public interface SessionAuthenticationStrategy
```
Allows pluggable support for HttpSession-related behaviour when an authentication occurs.
Typical use would be to make sure a session exists or to change the session Id to guard against session-fixation attacks.

Since:

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`void`	`onAuthentication(Authentication authentication, HttpServletRequest request, HttpServletResponse response)` Performs Http session-related functionality when a new authentication occurs.

- Method Detail
  - onAuthentication
```
void onAuthentication(Authentication authentication,
                      HttpServletRequest request,
                      HttpServletResponse response)
               throws SessionAuthenticationException
```
    Performs Http session-related functionality when a new authentication occurs.
    
    Throws:
    
    SessionAuthenticationException - if it is decided that the authentication is not allowed for the session. This will typically be because the user has too many sessions open at once.

Skip navigation links

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method