Summary:
Methods
| [Expand All]
public
interface
SessionAuthenticationStrategy
| org.springframework.security.web.authentication.session.SessionAuthenticationStrategy |
 Known Indirect Subclasses
|
Class Overview
Allows pluggable support for HttpSession-related behaviour when an authentication occurs.
Typical use would be to make sure a session exists or to change the session Id to guard against session-fixation attacks.
Summary
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Performs Http session-related functionality when a new authentication occurs.
| |||||||||||
Public Methods
public abstract void onAuthentication (Authentication authentication, HttpServletRequest request, HttpServletResponse response)
Performs Http session-related functionality when a new authentication occurs.
Throws
| SessionAuthenticationException | if it is decided that the authentication is not allowed for the session. This will typically be because the user has too many sessions open at once. |
|---|