Class RegisterSessionAuthenticationStrategy
java.lang.Object
org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy
- All Implemented Interfaces:
SessionAuthenticationStrategy
public class RegisterSessionAuthenticationStrategy
extends Object
implements SessionAuthenticationStrategy
Strategy used to register a user with the
SessionRegistry after successful
Authentication.
RegisterSessionAuthenticationStrategy is typically used in combination with
CompositeSessionAuthenticationStrategy and
ConcurrentSessionControlAuthenticationStrategy, but can be used on its own if
tracking of sessions is desired but no need to control concurrency.
NOTE: When using a SessionRegistry it is important that all sessions (including
timed out sessions) are removed. This is typically done by adding
HttpSessionEventPublisher.
- Since:
- 3.2
- See Also:
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidonAuthentication(Authentication authentication, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) In addition to the steps from the superclass, the sessionRegistry will be updated with the new session information.
-
Constructor Details
-
RegisterSessionAuthenticationStrategy
- Parameters:
sessionRegistry- the session registry which should be updated when the authenticated session is changed.
-
-
Method Details
-
onAuthentication
public void onAuthentication(Authentication authentication, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) In addition to the steps from the superclass, the sessionRegistry will be updated with the new session information.- Specified by:
onAuthenticationin interfaceSessionAuthenticationStrategy
-