Package org.jenkinsci.plugins.cas.spring.security

Class CasSessionFixationProtectionStrategy

java.lang.Object

org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy

org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy

org.jenkinsci.plugins.cas.spring.security.CasSessionFixationProtectionStrategy

All Implemented Interfaces:

org.springframework.beans.factory.Aware, org.springframework.context.ApplicationEventPublisherAware, org.springframework.security.web.authentication.session.SessionAuthenticationStrategy

public class CasSessionFixationProtectionStrategy
extends org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy

Session fixation protection strategy that invalidates the existing session and integrates with the Single Sign-Out session mapping storage.

Author:

Fabien Crespel

Nested Class Summary

Nested classes/interfaces inherited from class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy

org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy.NullEventPublisher

Field Summary

Fields

Modifier and Type	Field	Description
protected org.apereo.cas.client.session.SessionMappingStorage	sessionStorage

Fields inherited from class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy

logger

Constructor Summary

Constructors

Constructor	Description
CasSessionFixationProtectionStrategy()
CasSessionFixationProtectionStrategy(org.apereo.cas.client.session.SessionMappingStorage sessionStorage)

Method Summary

Modifier and Type	Method	Description
org.apereo.cas.client.session.SessionMappingStorage	getSessionStorage()
protected void	onSessionChange(String originalSessionId, jakarta.servlet.http.HttpSession newSession, org.springframework.security.core.Authentication auth)
void	setSessionStorage(org.apereo.cas.client.session.SessionMappingStorage sessionStorage)

Methods inherited from class org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy

extractAttributes, setMigrateSessionAttributes

Methods inherited from class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy

onAuthentication, setAlwaysCreateSession, setApplicationEventPublisher

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

sessionStorage

protected org.apereo.cas.client.session.SessionMappingStorage sessionStorage

Constructor Details

CasSessionFixationProtectionStrategy

public CasSessionFixationProtectionStrategy()

CasSessionFixationProtectionStrategy

public CasSessionFixationProtectionStrategy(org.apereo.cas.client.session.SessionMappingStorage sessionStorage)

Method Details

onSessionChange

protected void onSessionChange(String originalSessionId,
 jakarta.servlet.http.HttpSession newSession,
 org.springframework.security.core.Authentication auth)

Overrides:

onSessionChange in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy

getSessionStorage

public org.apereo.cas.client.session.SessionMappingStorage getSessionStorage()

setSessionStorage

public void setSessionStorage(org.apereo.cas.client.session.SessionMappingStorage sessionStorage)