Package com.iplanet.dpro.session

Class Session

  • All Implemented Interfaces:
    Blacklistable, AMSession
    Direct Known Subclasses:
    StatelessSession
    public class Session
extends Object
implements Blacklistable, AMSession
    The Session class represents a session. It contains session related information such as session ID, session type (user/application), client ID (user ID or application ID), session idle time, time left on the session, and session state. It also allows applications to add listener for session events.
    See Also:
    SessionID, SessionListener

    • Field Detail

      • sessionState

        protected SessionState sessionState
        Four possible values for the state of the session:
        • Invalid
        • Valid
        • Inactive
        • Destroyed

      • sessionProperties

        protected Hashtable<String,​String> sessionProperties
        All session related properties are stored as key-value pair in this table.

    • Constructor Detail

      • Session

        public Session​(SessionID sid)
        Constructor used by this package only. ClientSDK: This code has to operate both on the serer and the client. It needs to be able to resolve dependencies in an appropriate way in both conditions.

    • Method Detail

      • getSessionID

        public SessionID getSessionID()

      • getCookieStr

        public String getCookieStr()

      • setCookieStr

        public void setCookieStr​(String str)

      • setContext

        public void setContext​(Object context)

      • getID

        public SessionID getID()
        Returns the session ID.
        Specified by:
        getID in interface AMSession
        Returns:
        The session ID.

      • setID

        protected void setID​(SessionID sessionID)
        Updates the ID of the session. Used when updating a stateless session.
        Parameters:
        sessionID - the new session ID for the session.

      • getType

        public SessionType getType()
        Returns the session type.
        Returns:
        The session type.

      • getClientID

        public String getClientID()
        Returns the client ID in the session.
        Returns:
        The client ID in the session.

      • getClientDomain

        public String getClientDomain()
        Returns the client domain in the session.
        Returns:
        The client domain in the session.

      • getMaxSessionTime

        public long getMaxSessionTime()
        Returns the maximum session time in minutes.
        Returns:
        The maximum session time.

      • getMaxIdleTime

        public long getMaxIdleTime()
        Returns the maximum session idle time in minutes.
        Returns:
        The maximum session idle time.

      • isTimedOut

        public boolean isTimedOut()
                   throws SessionException
        Returns true if the session has timed out.
        Returns:
        true if session timed out, falseotherwise
        Throws:
        SessionException

      • getMaxCachingTime

        public long getMaxCachingTime()
        Returns the maximum session caching time in minutes.
        Returns:
        The maximum session caching time.

      • getIdleTime

        public long getIdleTime()
                 throws SessionException
        Returns the session idle time in seconds.
        Returns:
        The session idle time.
        Throws:
        SessionException - if the session reached its maximum session time, or the session was destroyed, or there was an error during communication with session service.

      • getTimeLeft

        public long getTimeLeft()
                 throws SessionException
        Returns the time left for this session in seconds.
        Returns:
        The time left for this session.
        Throws:
        SessionException - is thrown if the session reached its maximum session time, or the session was destroyed, or there was an error during communication with session service.

      • getBlacklistExpiryTime

        public long getBlacklistExpiryTime()
                            throws BlacklistException
        The time (in milliseconds from the UTC epoch) until this session can be removed from a session blacklist. This is guaranteed to be some time after the session has expired.
        Specified by:
        getBlacklistExpiryTime in interface Blacklistable
        Returns:
        the at which the session expires (if it has not already) plus a purge delay.
        Throws:
        BlacklistException - if the session has already expired or an error occurs.

      • getLatestRefreshTime

        public long getLatestRefreshTime()
        Gets the time at which the Session was last refreshed from the master copy (in seconds).
        Returns:
        The latest time at which the session was refreshed.

      • getState

        public SessionState getState​(boolean reset)
                      throws SessionException
        Returns the state of the session.
        Parameters:
        reset - This parameter indicates that whether the Session Service needs to reset the latest access time on this session.
        Returns:
        The state of the session. The session state is one of the following: INVALID, VALID, INACTIVE, and DESTROYED.
        Throws:
        SessionException - is thrown if the session reached its maximum session time, or the session was destroyed, or there was an error during communication with session service.

      • getProperty

        public String getProperty​(String name)
                   throws SessionException
        Gets the property stored in this session.
        Parameters:
        name - The property name.
        Returns:
        The property value in String format.
        Throws:
        SessionException - is thrown if the session reached its maximum session time, or the session was destroyed, or there was an error during communication with session service.

      • dereferenceRestrictedTokenID

        public String dereferenceRestrictedTokenID​(Session session,
                                           String restrictedId)
                                    throws SessionException
        Given a restricted token, returns the SSOTokenID of the master token can only be used if the requester is an app token This functionality is only available in server mode.
        Parameters:
        session - Must be an app token
        restrictedId - The SSOTokenID of the restricted token
        Returns:
        The SSOTokenID string of the master token
        Throws:
        SSOException - If the master token cannot be dereferenced
        SessionException

      • isRestricted

        public boolean isRestricted()
                     throws SessionException
        Returns true if the SSOTokenID associated with this SSOToken is a restricted token, false otherwise.
        Returns:
        true if the token is restricted
        Throws:
        SSOException - If we are unable to determine if the session is restricted
        SessionException

      • getPropertyWithoutValidation

        public String getPropertyWithoutValidation​(String name)
        Gets the property stored in this session.
        Parameters:
        name - The property name.
        Returns:
        The property value in String format only when run in the server mode else return null

      • setProperty

        public void setProperty​(String name,
                        String value)
                 throws SessionException
        Sets a property for this session.
        Parameters:
        name - The property name.
        value - The property value.
        Throws:
        SessionException - if the session reached its maximum session time, or the session was destroyed, or there was an error during communication with session service, or if the property name or value was null.

      • maxCachingTimeReached

        public boolean maxCachingTimeReached()
        Used to find out if the maximum caching time has reached or not.

      • getSessionServiceURL

        public URL getSessionServiceURL()
                         throws SessionException
        Gets the Session Service URL for this session object.
        Returns:
        The Session Service URL for this session.
        Throws:
        SessionException - when cannot get Session URL.

      • destroySession

        public void destroySession​(Session session)
                    throws SessionException
        Destroys a session.
        Parameters:
        session - The session to be destroyed.
        Throws:
        SessionException - if there was an error during communication with session service, or the corresponding session reached its maximum session/idle time, or the session was destroyed.

      • logout

        public void logout()
            throws SessionException
        Logs out a session.
        Throws:
        SessionException - if there was an error during communication with session service. If the session logged out already, no exception will be thrown.

      • addSessionListener

        public void addSessionListener​(SessionListener listener)
                        throws SessionException
        Adds a session listener for session change events.
        Parameters:
        listener - Session Listener object.
        Throws:
        SessionException - if the session state is not valid.

      • addSessionListener

        public void addSessionListener​(SessionListener listener,
                               boolean force)
                        throws SessionException
        Adds a session listener for session change events.
        Parameters:
        listener - Session Listener object.
        force - whether to ignore whether a Session is in the Invalid state. If false will throw an exception if the Session is Invalid.
        Throws:
        SessionException - if the session state is not valid.

      • getValidSessions

        public SearchResults<Session> getValidSessions​(String server,
                                               String pattern)
                                        throws SessionException
        Gets all valid sessions from the specified session server. This session is subject to access control in order to get all sessions.
        Parameters:
        server - The session server name. If the server name contains protocol and port, the protocol and port will be used. Otherwise, the server protocol and port is default to the same protocol and port of the calling session.
        Returns:
        A Vector of Session objects.
        Throws:
        SessionException - if there was an error during communication with session service.

      • invokeListeners

        public static void invokeListeners​(SessionEvent sessionEvent)
        Invokes all listeners on the Session associated with the event.
        Parameters:
        sessionEvent - Non null Session Event.

      • refresh

        public void refresh​(boolean reset)
             throws SessionException
        Gets the latest session from session server and updates the local cache of this session.
        Parameters:
        reset - The flag to indicate whether to reset the latest session access time in the session server.
        Throws:
        SessionException - if the session reached its maximum session time, or the session was destroyed, or there was an error during communication with session service.

      • setRestriction

        protected void setRestriction​(TokenRestriction restriction)
        Sets a token restriction on this session. Optional operation - specific sub-classes can throw an exception if not supported.
        Parameters:
        restriction - the restriction to apply to this session.
        Throws:
        UnsupportedOperationException - if this session type does not support token restrictions.

      • timeout

        public void timeout()
        Set the timeout time for this Session if it wasn't already set.

      • addInternalSessionListener

        public void addInternalSessionListener()
        Add listener to Internal Session.

      • getCookieSupport

        public boolean getCookieSupport()
        Returns true if cookies are supported else false. The cookieSupport value is first determined from the Session ID object , if that is null then it is determined based on the cookie mode value set in the Session object else cookieSupport value is retrieved from the session property cookieSupport. If cookie Support value is not determined then the the default "false" is assumed.

      • setCookieMode

        public void setCookieMode​(Boolean cookieMode)
        Set the cookie Mode based on whether the request has cookies or not. This method is called from createSSOToken(request) method in SSOTokenManager.
        Parameters:
        cookieMode - whether request has cookies or not.

      • getStableStorageID

        public String getStableStorageID()
        Returns a stable ID that can be used as a unique identifier when storing this session.
        Specified by:
        getStableStorageID in interface Blacklistable
        Returns:
        a unique stable storage id.