CompositeSessionAuthenticationStrategy (spring-security-docs 5.8.15 API)

java.lang.Object
- org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy

All Implemented Interfaces:

SessionAuthenticationStrategy
```
public class CompositeSessionAuthenticationStrategy
extends java.lang.Object
implements SessionAuthenticationStrategy
```
A SessionAuthenticationStrategy that accepts multiple SessionAuthenticationStrategy implementations to delegate to. Each SessionAuthenticationStrategy is invoked in turn. The invocations are short circuited if any exception, (i.e. SessionAuthenticationException) is thrown.
Typical usage would include having the following delegates (in this order)
- ConcurrentSessionControlAuthenticationStrategy - verifies that a user is allowed to authenticate (i.e. they have not already logged into the application.
- SessionFixationProtectionStrategy - If session fixation is desired, SessionFixationProtectionStrategy should be after ConcurrentSessionControlAuthenticationStrategy to prevent unnecessary HttpSession creation if the ConcurrentSessionControlAuthenticationStrategy rejects authentication.
- RegisterSessionAuthenticationStrategy - It is important this is after SessionFixationProtectionStrategy so that the correct session is registered.
Since:

3.2

Constructor Summary

Constructors
Constructor Description

CompositeSessionAuthenticationStrategy(java.util.List<SessionAuthenticationStrategy> delegateStrategies)

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`void`	`onAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)`	Performs Http session-related functionality when a new authentication occurs.
`java.lang.String`	`toString()`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Constructor Detail
  - CompositeSessionAuthenticationStrategy
```
public CompositeSessionAuthenticationStrategy(java.util.List<SessionAuthenticationStrategy> delegateStrategies)
```
- Method Detail
  - onAuthentication
```
public void onAuthentication(Authentication authentication,
                             javax.servlet.http.HttpServletRequest request,
                             javax.servlet.http.HttpServletResponse response)
                      throws SessionAuthenticationException
```
    Description copied from interface: SessionAuthenticationStrategy
    
    Performs Http session-related functionality when a new authentication occurs.
    
    Specified by:
    
    onAuthentication in interface SessionAuthenticationStrategy
    
    Throws:
    
    SessionAuthenticationException - if it is decided that the authentication is not allowed for the session. This will typically be because the user has too many sessions open at once.
  - toString
```
public java.lang.String toString()
```
    Overrides:
    
    toString in class java.lang.Object