Examples of org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy

org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy

A {@link SessionAuthenticationStrategy} that accepts multiple{@link SessionAuthenticationStrategy} implementations to delegate to. Each{@link SessionAuthenticationStrategy} is invoked in turn. The invocations areshort circuited if any exception, (i.e. SessionAuthenticationException) is thrown.

Typical usage would include having the following delegates (in this order)

{@link ConcurrentSessionControlAuthenticationStrategy} - verifies that auser is allowed to authenticate (i.e. they have not already logged into the application.
{@link SessionFixationProtectionStrategy} - If session fixation isdesired, {@link SessionFixationProtectionStrategy} should be after{@link ConcurrentSessionControlAuthenticationStrategy} to prevent unnecessary{@link HttpSession} creation if the{@link ConcurrentSessionControlAuthenticationStrategy} rejectsauthentication.
{@link RegisterSessionAuthenticationStrategy} - It is important this isafter {@link SessionFixationProtectionStrategy} so that the correct sessionis registered.

@author Rob Winch @since 3.2


            delegateStrategies.addAll(Arrays.asList(concurrentSessionControlStrategy, sessionFixationAuthenticationStrategy, registerSessionStrategy));
        } else {
            delegateStrategies.add(sessionFixationAuthenticationStrategy);
        }
        sessionAuthenticationStrategy = postProcess(new CompositeSessionAuthenticationStrategy(delegateStrategies));
        return sessionAuthenticationStrategy;
    }

Related Classes of org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.