Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.atlassian.confluence.security.seraph
Class SessionInvalidatingLoginInterceptor

java.lang.Object
  extended by com.atlassian.confluence.security.seraph.SessionInvalidatingLoginInterceptor
All Implemented Interfaces:
com.atlassian.seraph.Initable, com.atlassian.seraph.interceptor.Interceptor, com.atlassian.seraph.interceptor.LoginInterceptor
public class SessionInvalidatingLoginInterceptor
extends java.lang.Object
implements com.atlassian.seraph.interceptor.LoginInterceptor

Responsible for invalidating the session before login to protect against session hijacking attacks (CONF-15108).

Constructor Summary
SessionInvalidatingLoginInterceptor()
           
 
Method Summary
 void afterLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String username, java.lang.String password, boolean cookieLogin, java.lang.String loginStatus)
           
 void beforeLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String username, java.lang.String password, boolean cookieLogin)
           
 void destroy()
           
 void init(java.util.Map<java.lang.String,java.lang.String> params, com.atlassian.seraph.config.SecurityConfig config)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SessionInvalidatingLoginInterceptor

public SessionInvalidatingLoginInterceptor()
Method Detail

beforeLogin

public void beforeLogin(javax.servlet.http.HttpServletRequest request,
                        javax.servlet.http.HttpServletResponse response,
                        java.lang.String username,
                        java.lang.String password,
                        boolean cookieLogin)
Specified by:
beforeLogin in interface com.atlassian.seraph.interceptor.LoginInterceptor

afterLogin

public void afterLogin(javax.servlet.http.HttpServletRequest request,
                       javax.servlet.http.HttpServletResponse response,
                       java.lang.String username,
                       java.lang.String password,
                       boolean cookieLogin,
                       java.lang.String loginStatus)
Specified by:
afterLogin in interface com.atlassian.seraph.interceptor.LoginInterceptor

destroy

public void destroy()
Specified by:
destroy in interface com.atlassian.seraph.interceptor.Interceptor

init

public void init(java.util.Map<java.lang.String,java.lang.String> params,
                 com.atlassian.seraph.config.SecurityConfig config)
Specified by:
init in interface com.atlassian.seraph.Initable
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2003-2010 Atlassian. All Rights Reserved.