Class CompositeSessionAuthenticationStrategy
- java.lang.Object
- 
- org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy
 
- 
- All Implemented Interfaces:
- SessionAuthenticationStrategy
 
 public class CompositeSessionAuthenticationStrategy extends java.lang.Object implements SessionAuthenticationStrategy ASessionAuthenticationStrategythat accepts multipleSessionAuthenticationStrategyimplementations to delegate to. EachSessionAuthenticationStrategyis invoked in turn. The invocations are short circuited if any exception, (i.e. SessionAuthenticationException) is thrown.Typical usage would include having the following delegates (in this order) - ConcurrentSessionControlAuthenticationStrategy- verifies that a user is allowed to authenticate (i.e. they have not already logged into the application.
- SessionFixationProtectionStrategy- If session fixation is desired,- SessionFixationProtectionStrategyshould be after- ConcurrentSessionControlAuthenticationStrategyto prevent unnecessary- HttpSessioncreation if the- ConcurrentSessionControlAuthenticationStrategyrejects authentication.
- RegisterSessionAuthenticationStrategy- It is important this is after- SessionFixationProtectionStrategyso that the correct session is registered.
 - Since:
- 3.2
 
- 
- 
Constructor SummaryConstructors Constructor Description CompositeSessionAuthenticationStrategy(java.util.List<SessionAuthenticationStrategy> delegateStrategies)
 - 
Method SummaryAll Methods Instance Methods Concrete Methods Modifier and Type Method Description voidonAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)Performs Http session-related functionality when a new authentication occurs.java.lang.StringtoString()
 
- 
- 
- 
Constructor Detail- 
CompositeSessionAuthenticationStrategypublic CompositeSessionAuthenticationStrategy(java.util.List<SessionAuthenticationStrategy> delegateStrategies) 
 
- 
 - 
Method Detail- 
onAuthenticationpublic void onAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws SessionAuthenticationException Description copied from interface:SessionAuthenticationStrategyPerforms Http session-related functionality when a new authentication occurs.- Specified by:
- onAuthenticationin interface- SessionAuthenticationStrategy
- Throws:
- SessionAuthenticationException- if it is decided that the authentication is not allowed for the session. This will typically be because the user has too many sessions open at once.
 
 - 
toStringpublic java.lang.String toString() - Overrides:
- toStringin class- java.lang.Object
 
 
- 
 
-