| Interface | Description |
|---|---|
| UserToAuthenticationConverter |
Converts a hybris
UserModel to a Spring Security Authentication object. |
| Class | Description |
|---|---|
| DefaultUserToAuthenticationConverter |
This implementation copies username and password, converts all user groups to
GrantedAuthoritys and puts them into a
UsernamePasswordAuthenticationToken. |
| HybrisAuthenticationProvider | Deprecated |
| HybrisGroupBasedAuthenticationProvider | Deprecated
see PLA-10801 -- validates 'best practice pattern' of seperating 'authentication' from 'authorization'
and isn't flexible enough.
|
| HybrisSessionFixationProtectionStrategy |
Session fixation attacks are a potential risk where it is possible for a malicious attacker to create a session by
accessing a site, then persuade another user to log in with the same session (by sending them a link containing the
session identifier as a parameter, for example).
|
Copyright © 2017 SAP SE. All Rights Reserved.