public interface

SessionAuthenticationStrategy

org.springframework.security.web.authentication.session.SessionAuthenticationStrategy
Known Indirect Subclasses

Class Overview

Allows pluggable support for HttpSession-related behaviour when an authentication occurs.

Typical use would be to make sure a session exists or to change the session Id to guard against session-fixation attacks.

Summary

Public Methods
abstract void onAuthentication(Authentication authentication, HttpServletRequest request, HttpServletResponse response)
Performs Http session-related functionality when a new authentication occurs.

Public Methods

public abstract void onAuthentication (Authentication authentication, HttpServletRequest request, HttpServletResponse response)

Performs Http session-related functionality when a new authentication occurs.

Throws
SessionAuthenticationException if it is decided that the authentication is not allowed for the session. This will typically be because the user has too many sessions open at once.