Package | Description |
---|---|
org.springframework.security.config.annotation.web.configurers | |
org.springframework.security.web.authentication |
Authentication processing mechanisms, which respond to the submission of authentication
credentials using various protocols (eg BASIC, CAS, form login etc).
|
org.springframework.security.web.authentication.session |
Strategy interface and implementations for handling session-related behaviour for a newly authenticated user.
|
org.springframework.security.web.csrf | |
org.springframework.security.web.session |
Session management filters,
HttpSession events and publisher classes. |
Modifier and Type | Method and Description |
---|---|
SessionManagementConfigurer<H> |
SessionManagementConfigurer.sessionAuthenticationStrategy(SessionAuthenticationStrategy sessionAuthenticationStrategy)
Allows explicitly specifying the
SessionAuthenticationStrategy . |
Modifier and Type | Method and Description |
---|---|
void |
AbstractAuthenticationProcessingFilter.setSessionAuthenticationStrategy(SessionAuthenticationStrategy sessionStrategy)
The session handling strategy which will be invoked immediately after an authentication request is
successfully processed by the AuthenticationManager.
|
Modifier and Type | Class and Description |
---|---|
class |
ChangeSessionIdAuthenticationStrategy
Uses
HttpServletRequest.changeSessionId() to protect against session
fixation attacks. |
class |
CompositeSessionAuthenticationStrategy
A
SessionAuthenticationStrategy that accepts multiple
SessionAuthenticationStrategy implementations to delegate to. |
class |
ConcurrentSessionControlAuthenticationStrategy
Strategy which handles concurrent session-control.
|
class |
ConcurrentSessionControlStrategy
Deprecated.
Use
ConcurrentSessionControlAuthenticationStrategy instead |
class |
NullAuthenticatedSessionStrategy |
class |
RegisterSessionAuthenticationStrategy
Strategy used to register a user with the
SessionRegistry after
successful Authentication . |
class |
SessionFixationProtectionStrategy
The default implementation of
SessionAuthenticationStrategy when using < Servlet 3.1. |
Constructor and Description |
---|
CompositeSessionAuthenticationStrategy(List<SessionAuthenticationStrategy> delegateStrategies) |
Modifier and Type | Class and Description |
---|---|
class |
CsrfAuthenticationStrategy
CsrfAuthenticationStrategy is in charge of removing the CsrfToken upon
authenticating. |
Modifier and Type | Method and Description |
---|---|
void |
SessionManagementFilter.setSessionAuthenticationStrategy(SessionAuthenticationStrategy sessionAuthenticationStrategy)
Deprecated.
Use constructor injection
|
Constructor and Description |
---|
SessionManagementFilter(SecurityContextRepository securityContextRepository,
SessionAuthenticationStrategy sessionStrategy) |
Copyright © 2019. All rights reserved.