Interface SessionAuthenticationStrategy
-
- All Known Implementing Classes:
ChangeSessionIdAuthenticationStrategy
,CompositeSessionAuthenticationStrategy
,ConcurrentSessionControlAuthenticationStrategy
,CsrfAuthenticationStrategy
,NullAuthenticatedSessionStrategy
,RegisterSessionAuthenticationStrategy
,SessionFixationProtectionStrategy
public interface SessionAuthenticationStrategy
Allows pluggable support for HttpSession-related behaviour when an authentication occurs.Typical use would be to make sure a session exists or to change the session Id to guard against session-fixation attacks.
- Since:
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description void
onAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Performs Http session-related functionality when a new authentication occurs.
-
-
-
Method Detail
-
onAuthentication
void onAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws SessionAuthenticationException
Performs Http session-related functionality when a new authentication occurs.- Throws:
SessionAuthenticationException
- if it is decided that the authentication is not allowed for the session. This will typically be because the user has too many sessions open at once.
-
-