Package org.kawanfw.sql.api.server.session

Class DefaultSessionConfigurator

java.lang.Object
org.kawanfw.sql.api.server.session.DefaultSessionConfigurator
All Implemented Interfaces:
SessionConfigurator
public class DefaultSessionConfigurator
extends Object
implements SessionConfigurator
Default implementation of session management:
  • Session id are generated using a SecureRandom with the SessionIdentifierGenerator class.
  • Session info (username, database) and session date/time creation are stored in a HashMap whose key is the session id.
  • Session id is sent by client side at each API call. AceQL verifies that the HashMap contains the username and that the session is not expired to grant access to the APIexecution.

It is not required nor recommended to extend this class or to develop another SessionConfigurator implementation.
Do it if you want to implement you own session mechanism and/or want to manage how session info are stored.

Note that getSessionTimelife() returns 0 and that sessions never expires.
Extend this class and override getSessionTimelife() if you want to define expirable sessions.

Author:
Nicolas de Pomereu

  • Constructor Details

    • DefaultSessionConfigurator

      public DefaultSessionConfigurator()

  • Method Details

    • generateSessionId

      public String generateSessionId​(String username, String database)
      The method builds an authentication session id by a call to:
      SessionIdentifierGenerator
      Specified by:
      generateSessionId in interface SessionConfigurator
      Parameters:
      username - the username to store for the passed session id
      database - the database to store for the passed session id
      Returns:
      a unique session id for the (username, database) couple.

    • getUsername

      public String getUsername​(String sessionId)
      Description copied from interface: SessionConfigurator
      Loads the username stored for the passed session id
      Specified by:
      getUsername in interface SessionConfigurator
      Parameters:
      sessionId - the session id
      Returns:
      the username stored for the passed session Id

    • getDatabase

      public String getDatabase​(String sessionId)
      Description copied from interface: SessionConfigurator
      Loads the database stored for the passed session id
      Specified by:
      getDatabase in interface SessionConfigurator
      Parameters:
      sessionId - the session id
      Returns:
      the database stored for the passed session Id

    • remove

      public void remove​(String sessionId)
      Description copied from interface: SessionConfigurator
      Removes storage for the passed session Id. Method is called by AceQL when client side calls logout
      Specified by:
      remove in interface SessionConfigurator
      Parameters:
      sessionId - the session id

    • verifySessionId

      public boolean verifySessionId​(String sessionId) throws IOException
      This implementation:
      • Verify that the sessionId exists
      • Verify that the sessionId is not expired (must be less that 12 hours).
      Specified by:
      verifySessionId in interface SessionConfigurator
      Parameters:
      sessionId - the session id to verify
      Returns:
      true if the sessionId is valid
      Throws:
      IOException - if any I/O error occurs

    • getSessionTimelifeMinutes

      public int getSessionTimelifeMinutes() throws IOException
      Returns the value of session.timelifeMinutes property of aceql-server.properties. Defaults to 0. If 0, session is infinite.
      Specified by:
      getSessionTimelifeMinutes in interface SessionConfigurator
      Returns:
      the sessions lifetime in minutes
      Throws:
      IOException - if any I/O error occurs