AuthenticationStrategyUsingSession
Checks that an already-present InteractionContext (obtained from the HttpSession) is still valid, as determined by org.apache.causeway.core.security.authentication.manager.AuthenticationManager#isSessionValid(InteractionContext), and re-binds the InteractionContext onto the HttpSession.
Note that this implementation is not particularly "restful": REST APIs are normally expected to be stateless, whereas this implementation requires a session to obtain the InteractionContext. Typically it would be combined with Shiro, whose default behaviour (not suppressed by this filter) is indeed to store the InteractionContext on the session.
The session is looked up from the HttpSession using the value AuthenticationStrategyUsingSession#HTTP_SESSION_AUTHENTICATION_SESSION_KEY.
API
class AuthenticationStrategyUsingSession {
public static final String HTTP_SESSION_AUTHENTICATION_SESSION_KEY;
InteractionContext lookupValid(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
void bind(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, InteractionContext authentication)
}
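The lookup, validate and re-bind cycle described above, as an added sketch that is not Apache Causeway source: a Map stands in for the HttpSession attributes, a Predicate for AuthenticationManager#isSessionValid, and the Context record, the key value and the class name are hypothetical. Clearing the entry when bind receives null is an assumption of this sketch, not something this page states.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.function.Predicate;

/** Added sketch with stand-in types only (Java 16+). */
public class SessionStrategySketch {
    // Constructed key; the real value of HTTP_SESSION_AUTHENTICATION_SESSION_KEY is not on the page.
    static final String SESSION_KEY = "example.authentication";

    /** Hypothetical stand-in for InteractionContext. */
    record Context(String user) {}

    // Stand-in for AuthenticationManager#isSessionValid(InteractionContext).
    private final Predicate<Context> isSessionValid;

    SessionStrategySketch(Predicate<Context> isSessionValid) {
        this.isSessionValid = isSessionValid;
    }

    /** Returns the stored context only if it still validates, otherwise null. */
    Context lookupValid(Map<String, Object> session) {
        Object stored = session.get(SESSION_KEY);
        if (stored instanceof Context ctx && isSessionValid.test(ctx)) {
            return ctx;
        }
        return null; // caller must treat the request as unauthenticated
    }

    /** Re-binds a context; null clears the entry (assumed behaviour of this sketch). */
    void bind(Map<String, Object> session, Context ctx) {
        if (ctx != null) {
            session.put(SESSION_KEY, ctx);
        } else {
            session.remove(SESSION_KEY); // do not leave a stale context behind
        }
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>(); // stand-in for HttpSession attributes
        Set<String> revoked = new HashSet<>();         // constructed validity state
        SessionStrategySketch strategy = new SessionStrategySketch(c -> !revoked.contains(c.user()));

        strategy.bind(session, new Context("alice"));
        System.out.println("valid lookup: " + strategy.lookupValid(session));

        revoked.add("alice"); // context invalidated server-side
        strategy.bind(session, strategy.lookupValid(session)); // lookup fails, entry cleared
        System.out.println("still bound: " + session.containsKey(SESSION_KEY));
    }
}
```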