Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add Explicit SessionAuthenticationStrategy Option

Browse Source 
SessionAuthenticationFilter requires accessing the HttpSession to do its
job. Previously, there was no way to just disable the
SessionAuthenticationFilter despite the fact that
SessionAuthenticationStrategy is invoked by the authentication filters
directly.

This commit adds an option to disable SessionManagmentFilter in favor of
requiring explicit SessionAuthenticationStrategy invocation already
performed by the authentication filters.

Closes gh-11455
This commit is contained in:
Rob Winch
2022-08-17 15:20:07 -05:00
parent 51dc672625
commit 89f8310d6c
5 changed files with 59 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/modules/ROOT/pages/servlet/appendix/namespace/http.adoc
+4
View File
@@ -2243,6 +2243,10 @@ Session-management related functionality is implemented by the addition of a `Se
=== <session-management> Attributes
[[nsa-session-management-authentication-strategy-explicit-invocation]]
* **authentication-strategy-explicit-invocation**
Setting this attribute to true will mean that `SessionManagementFilter` will not be injected and explicit invocation of SessionAuthenticationStrategy is required.
[[nsa-session-management-invalid-session-url]]
* **invalid-session-url**
Setting this attribute will inject the `SessionManagementFilter` with a `SimpleRedirectInvalidSessionStrategy` configured with the attribute value.