Package com.logicaldoc.core.security

Class SessionManager

java.lang.Object
java.util.AbstractMap<String,Session>
java.util.concurrent.ConcurrentHashMap<String,Session>
com.logicaldoc.core.security.SessionManager
All Implemented Interfaces:
Serializable, ConcurrentMap<String,Session>, Map<String,Session>
@Component("sessionManager") public class SessionManager extends ConcurrentHashMap<String,Session>
Repository of all current user sessions.
Since:
4.6
Author:
Marco Meschieri - LogicalDOC
See Also:

  • Field Details

  • Constructor Details

    • SessionManager

      public SessionManager()

  • Method Details

    • get

      public static final SessionManager get()

    • newSession

      public Session newSession(String username, String password, String key, jakarta.servlet.http.HttpServletRequest request) throws AuthenticationException
      Creates a new session by authenticating the given user and stores it in the pool of opened sessions
      Parameters:
      username - the username
      password - the passowrd
      key - the secret key
      request - the current request
      Returns:
      the session created after the successful login
      Throws:
      AuthenticationException - raised in case of failed login

    • newSession

      public Session newSession(String username, String password, jakarta.servlet.http.HttpServletRequest request) throws AuthenticationException
      Creates a new session by authenticating the given user and stores it in the pool of opened sessions
      Parameters:
      username - the username
      password - the passowrd
      request - the current request
      Returns:
      the session created after the successful login
      Throws:
      AuthenticationException - raised in case of failed login

    • newSession

      public Session newSession(String username, String password, Client client) throws AuthenticationException
      Creates a new session by authenticating the given user and stores it in the pool of opened sessions
      Parameters:
      username - the username
      password - the passowrd
      client - client informations
      Returns:
      the session created after the successful login
      Throws:
      AuthenticationException - raised in case of failed login

    • newSession

      public Session newSession(String username, String password, String key, Client client) throws AuthenticationException
      Creates a new session by authenticating the given user and stores it in the pool of opened sessions
      Parameters:
      username - the username
      password - the passowrd
      key - the secret key
      client - client informations
      Returns:
      the session created after the successful login
      Throws:
      AuthenticationException - raised in case of failed login

    • newSession

      public Session newSession(String apikey, Client client) throws AuthenticationException
      Creates a new session by authenticating through an API Key and stores it in the pool of opened sessions
      Parameters:
      apikey - the API Key
      client - client informations
      Returns:
      the session created after the successful login
      Throws:
      AuthenticationException - raised in case of failed login

    • newSession

      public Session newSession(String apikey, jakarta.servlet.http.HttpServletRequest request) throws AuthenticationException
      Creates a new session by authenticating through an API Key and stores it in the pool of opened sessions
      Parameters:
      apikey - the API Key
      request - the current request
      Returns:
      the session created after the successful login
      Throws:
      AuthenticationException - raised in case of failed login

    • kill

      public void kill(String sid)
      Kills an existing session
      Parameters:
      sid - identifier of the session to kill

    • remove

      public Session remove(Object sid)
      Specified by:
      remove in interface Map<String,Session>
      Overrides:
      remove in class ConcurrentHashMap<String,Session>

    • renew

      public void renew(String sid)
      Renews an opened session
      Parameters:
      sid - The session to be renewed

    • getStatus

      public int getStatus(String sid)

    • isOpen

      public boolean isOpen(String sid)
      Checks if a session is valid or not. A valid session is a one that exists and is in state OPEN
      Parameters:
      sid - The session identifier
      Returns:
      true only if the session exists and is OPEN

    • get

      public Session get(Object sid)
      Specified by:
      get in interface Map<String,Session>
      Overrides:
      get in class ConcurrentHashMap<String,Session>

    • getByClientId

      public Session getByClientId(String clientId)
      Gets the session of the given client
      Parameters:
      clientId - identifier of the client
      Returns:
      the session

    • getByDictionaryValue

      public Session getByDictionaryValue(String key, Object value)
      Gets the session with the specified dictionary value
      Parameters:
      key - identifier of the value in the dictionary
      value - the value to match
      Returns:
      the session

    • countOpened

      public int countOpened()
      Counts the total number of opened sessions
      Returns:
      number of opened sessions

    • countOpened

      public int countOpened(long tenantId)
      Counts the total number of opened sessions per tenant
      Parameters:
      tenantId - identifier of the tenant
      Returns:
      number of opened sessions

    • getSessions

      public List<Session> getSessions()
      Returns the list of sessions of the current node ordered by ascending status and creation date.
      Returns:
      list of sessions

    • getSession

      public Session getSession(jakarta.servlet.http.HttpServletRequest request)
      Gets the Session with the identifier returned by getSessionId(HttpServletRequest)
      Parameters:
      request - the HTTP request
      Returns:
      the found session, can be null

    • getSessionId

      public String getSessionId(jakarta.servlet.http.HttpServletRequest request)
      Gets the Session ID specification from the current request following this lookup strategy:
      1. Request parameter PARAM_SID
      2. Request header PARAM_SID
      3. Request attribute PARAM_SID
      4. Session attribute PARAM_SID
      5. Cookie COOKIE_SID
      6. Header X-API-KEY
      7. Client ID
      8. Spring SecurityContextHolder
      Parameters:
      request - The current request to inspect
      Returns:
      The SID if any

    • saveSid

      public void saveSid(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, String sid)
      Saves the session identifier in the request and session attribute PARAM_SID and Cookie COOKIE_SID
      Parameters:
      request - the HTTP request
      response - the HTTP response
      sid - identifier of the session

    • removeSid

      public void removeSid(jakarta.servlet.http.HttpServletRequest request)
      Removes the Sid from the http request
      Parameters:
      request - the HTTP request

    • getCurrentSid

      public static String getCurrentSid()
      Retrieves the session ID of the current thread execution
      Returns:
      the identifier of the session

    • getServletSession

      public jakarta.servlet.http.HttpSession getServletSession(String sid)

    • buildClient

      public Client buildClient(jakarta.servlet.http.HttpServletRequest request)
      Create a client identified using a concatenation of Basic authentication credentials and remote IP.
      Parameters:
      request - The request to process
      Returns:
      The client

    • destroy

      @PreDestroy public void destroy()

    • addListener

      public void addListener(SessionListener listener)

    • removeListener

      public void removeListener(SessionListener listener)

    • hashCode

      public int hashCode()
      Specified by:
      hashCode in interface Map<String,Session>
      Overrides:
      hashCode in class ConcurrentHashMap<String,Session>

    • equals

      public boolean equals(Object obj)
      Specified by:
      equals in interface Map<String,Session>
      Overrides:
      equals in class ConcurrentHashMap<String,Session>