Interface SessionAuthenticationStrategy

All Known Implementing Classes:
AbstractSessionFixationProtectionStrategy, ChangeSessionIdAuthenticationStrategy, CompositeSessionAuthenticationStrategy, ConcurrentSessionControlAuthenticationStrategy, CsrfAuthenticationStrategy, NullAuthenticatedSessionStrategy, RegisterSessionAuthenticationStrategy, SessionFixationProtectionStrategy

public interface SessionAuthenticationStrategy
Allows pluggable support for HttpSession-related behaviour when an authentication occurs.

Typical use would be to make sure a session exists or to change the session ID to guard against session-fixation attacks.

Since:
  • Method Summary

    | Modifier and Type | Method | Description |
    | --- | --- | --- |
    | void | onAuthentication(Authentication authentication, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) | Performs Http session-related functionality when a new authentication occurs. |
  • Method Details

    • onAuthentication

      void onAuthentication(Authentication authentication, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws SessionAuthenticationException
      Performs Http session-related functionality when a new authentication occurs.
      Throws:
      SessionAuthenticationException - if it is decided that the authentication is not allowed for the session. This will typically be because the user has too many sessions open at once.
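
The following is an added example, not part of the Spring Security Javadoc or code base: a custom implementation that covers both uses described above, changing the session ID on authentication and throwing SessionAuthenticationException when the user already has too many sessions open. The class name RotateAndLimitSessionStrategy and the maxSessions parameter are hypothetical; the SessionRegistry is assumed to be the same instance the application uses elsewhere.

```java
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.web.authentication.session.SessionAuthenticationException;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

// Added example: hypothetical class, not one of the implementations listed above.
public class RotateAndLimitSessionStrategy implements SessionAuthenticationStrategy {

    private final SessionRegistry registry;
    private final int maxSessions; // hypothetical per-principal limit

    public RotateAndLimitSessionStrategy(SessionRegistry registry, int maxSessions) {
        this.registry = registry;
        this.maxSessions = maxSessions;
    }

    @Override
    public void onAuthentication(Authentication authentication, HttpServletRequest request,
            HttpServletResponse response) throws SessionAuthenticationException {
        Object principal = authentication.getPrincipal();
        HttpSession existing = request.getSession(false);
        String oldId = (existing != null) ? existing.getId() : null;

        // Count the principal's other live sessions; the current one is excluded so that
        // re-authenticating inside an already registered session is not counted twice.
        long others = registry.getAllSessions(principal, false).stream()
                .filter(info -> !info.getSessionId().equals(oldId))
                .count();
        if (others >= maxSessions) {
            // Refuse before changing any session state. Check-then-register is not atomic,
            // so concurrent logins can briefly exceed the limit.
            throw new SessionAuthenticationException(
                    "Maximum of " + maxSessions + " sessions for this principal exceeded");
        }

        // Session-fixation defence: a pre-login session keeps its attributes but gets a
        // new ID, so an ID planted before authentication is useless afterwards.
        String newId = (existing != null) ? request.changeSessionId() : request.getSession(true).getId();

        // Keep the registry in step with the rotation: drop the old ID, record the new one.
        if (oldId != null) {
            registry.removeSessionInformation(oldId);
        }
        registry.registerNewSession(newId, principal);
    }
}
```

Such a strategy can be registered through `sessionManagement(session -> session.sessionAuthenticationStrategy(...))` in the HttpSecurity configuration. With SessionRegistryImpl, an HttpSessionEventPublisher must also be registered so that expired or invalidated sessions are removed from the count.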