List of usage examples for org.springframework.security.web.authentication.session SessionFixationProtectionEvent SessionFixationProtectionEvent
public SessionFixationProtectionEvent(Authentication authentication, String oldSessionId, String newSessionId)
From source file:com.deep.two.authority.impl.FareAbstractSessionFixationProtection.java
/** * Called when the session has been changed and the old attributes have been * migrated to the new session. Only called if a session existed to start * with. Allows subclasses to plug in additional behaviour. * * <p>//from ww w. java2 s .co m * The default implementation of this method publishes a * {@link SessionFixationProtectionEvent} to notify the application that the * session ID has changed. If you override this method and still wish these * events to be published, you should call {@code super.onSessionChange()} * within your overriding method. * * @param originalSessionId * the original session identifier * @param newSession * the newly created session * @param auth * the token for the newly authenticated principal */ protected void onSessionChange(String originalSessionId, HttpSession newSession, Authentication auth) { applicationEventPublisher .publishEvent(new SessionFixationProtectionEvent(auth, originalSessionId, newSession.getId())); }