Class RegisterSessionAuthenticationStrategy

All Implemented Interfaces:

public class RegisterSessionAuthenticationStrategy extends Object implements SessionAuthenticationStrategy
Strategy used to register a user with the SessionRegistry after successful Authentication.

RegisterSessionAuthenticationStrategy is typically used in combination with CompositeSessionAuthenticationStrategy and ConcurrentSessionControlAuthenticationStrategy, but can be used on its own if tracking of sessions is desired but no need to control concurrency.

NOTE: When using a SessionRegistry it is important that all sessions (including timed out sessions) are removed. This is typically done by adding HttpSessionEventPublisher.

See Also:
  • Constructor Details

    • RegisterSessionAuthenticationStrategy

      public RegisterSessionAuthenticationStrategy(SessionRegistry sessionRegistry)
      sessionRegistry - the session registry which should be updated when the authenticated session is changed.
  • Method Details

    • onAuthentication

      public void onAuthentication(Authentication authentication, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      In addition to the steps from the superclass, the sessionRegistry will be updated with the new session information.
      Specified by:
      onAuthentication in interface SessionAuthenticationStrategy