public class RegisterSessionAuthenticationStrategy extends java.lang.Object implements SessionAuthenticationStrategy
SessionRegistry after successful
Authentication.
RegisterSessionAuthenticationStrategy is typically used in combination with
CompositeSessionAuthenticationStrategy and
ConcurrentSessionControlAuthenticationStrategy, but can be used on its own if
tracking of sessions is desired but no need to control concurrency.
NOTE: When using a SessionRegistry it is important that all sessions (including
timed out sessions) are removed. This is typically done by adding
HttpSessionEventPublisher.
CompositeSessionAuthenticationStrategy| Constructor and Description |
|---|
RegisterSessionAuthenticationStrategy(SessionRegistry sessionRegistry) |
| Modifier and Type | Method and Description |
|---|---|
void |
onAuthentication(Authentication authentication,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
In addition to the steps from the superclass, the sessionRegistry will be updated
with the new session information.
|
public RegisterSessionAuthenticationStrategy(SessionRegistry sessionRegistry)
sessionRegistry - the session registry which should be updated when the
authenticated session is changed.public void onAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
onAuthentication in interface SessionAuthenticationStrategy