com.iplanet.dpro.session

Class SessionID

java.lang.Object

com.iplanet.dpro.session.SessionID

All Implemented Interfaces:

Serializable

public class SessionID
extends Object
implements Serializable

The SessionID class is used to identify a Session object. It contains a random String and the name of the session server. The random String in the Session ID is unique on a given session server.

See Also:

Session, Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
protected String	sessionDomain
static String	SHANDLE_SCHEME_PREFIX

Constructor Summary

Constructors

Constructor and Description
SessionID() Creates a default instance of SessionID with a null Session ID.
SessionID(javax.servlet.http.HttpServletRequest request) Constructs a SessionID object based on a HttpServletRequest object. but if cookie is not found it checks the URL for session ID.
SessionID(String sid) Constructs a SessionID object based on a Session ID.

Method Summary

Modifier and Type	Method and Description
boolean	equals(Object object) Compares this Session ID to the specified object.
static String	generateAmCtxID(SessionServerConfig serverConfig)
SessionID	generateRelatedSessionID(SessionServerConfig serverConfig)
String	generateSessionHandle(SessionServerConfig serverConfig)
static SessionID	generateSessionID(SessionServerConfig serverConfig, String domain) Generates new SessionID
static SessionID	generateStatelessSessionID(SessionServerConfig serverConfig, String domain, String jwt) Generates a new stateless session ID.
boolean	getComingFromAuth() This method returns the boolean representing if this session id is a regular auth token, generated via AuthContext API and not a restricted one.
Boolean	getCookieMode() Returns the if the cookies are supported.
SessionIDExtensions	getExtension() Retrieves extension value by name Currently used session id extensions are SessionService.SITE_ID server id (from platform server list) hosting this session (in failover mode this will be server id of the load balancer) SessionService.PRIMARY_ID, SessionService.SECONDARY_ID used if internal request routing mode is enabled.
String	getSessionDomain() Gets the domain where this session belongs to.
String	getSessionServer() Gets the session server name in this object.
String	getSessionServerID() Gets the session server id in this object.
String	getSessionServerPort() Gets the session server port in this object
String	getSessionServerProtocol() Returns the session server name in this object.
String	getSessionServerURI() Returns the session server path in this object.
String	getSessionServerURL() Returns the session server URL in this object.
String	getTail() Returns tail part of session id
int	hashCode() Returns a hash code for this object.
boolean	isC66Encoded() Determines whether the session ID is c66 encoded or not.
boolean	isNull() Checks if encrypted string is null or empty
boolean	isSessionHandle()
static String	makeRelatedSessionID(String encryptedID, SessionID prototype) Generates encoded session id string which uses the same extensions and tail part as prototype session id, but a different encrypted ID.
void	setComingFromAuth(boolean comingFromAuth) This method sets the boolean representing if this session id is a regular auth token, generated via AuthContext API
protected void	setServerID(String id) Sets the server info by making a naming request by passing its id which is in session id and parses it.
String	toString() Returns the encrypted session string.
void	validate() This method validates that the received session ID points to an existing server ID, and the site ID also corresponds to the server ID found in the session.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

SHANDLE_SCHEME_PREFIX

public static final String SHANDLE_SCHEME_PREFIX

See Also:

Constant Field Values

sessionDomain

protected String sessionDomain

Constructor Detail

SessionID

public SessionID(javax.servlet.http.HttpServletRequest request)

Constructs a SessionID object based on a HttpServletRequest object. but if cookie is not found it checks the URL for session ID.

Parameters:

request - HttpServletRequest object which contains the encrypted session string.

SessionID

public SessionID()

Creates a default instance of SessionID with a null Session ID. Note: This function is needed for deserialisation.

SessionID

public SessionID(String sid)

Constructs a SessionID object based on a Session ID.

Parameters:

sid - The session ID String in an encrypted format.

Method Detail

isNull

public boolean isNull()

Checks if encrypted string is null or empty

Returns:

true if encrypted string is null or empty.

getSessionServerURI

public String getSessionServerURI()

Returns the session server path in this object.

Returns:

The session server path in this object.

getSessionServerURL

public String getSessionServerURL()

Returns the session server URL in this object.

Returns:

The session server URL in this object.

getComingFromAuth

public boolean getComingFromAuth()

This method returns the boolean representing if this session id is a regular auth token, generated via AuthContext API and not a restricted one.

Returns:

The boolean representing if this session id is that of a regular auth token, generated via AuthContext API

setComingFromAuth

public void setComingFromAuth(boolean comingFromAuth)

This method sets the boolean representing if this session id is a regular auth token, generated via AuthContext API

Parameters:

comingFromAuth - boolean representing if the token has been generated by AuthContext and is a regular token, not restricted one.

getSessionServerProtocol

public String getSessionServerProtocol()

Returns the session server name in this object.

Returns:

The session server protocol in this object.

getSessionServerPort

public String getSessionServerPort()

Gets the session server port in this object

Returns:

The session server port in this object.

getSessionServer

public String getSessionServer()

Gets the session server name in this object.

Returns:

The session server name in this object.

getSessionDomain

public String getSessionDomain()

Gets the domain where this session belongs to.

Returns:

The session domain name.

getSessionServerID

public String getSessionServerID()

Gets the session server id in this object.

Returns:

The session server id in this object.

toString

public String toString()

Returns the encrypted session string. By doing so it also makes it possible to use this string representation for serializing/deserializing SessionID objects for session failover.

Overrides:

toString in class Object

Returns:

An encrypted session string.

See Also:

JSONSerialisation

equals

public boolean equals(Object object)

Compares this Session ID to the specified object. The result is true if and only if the argument is not null and the random string and server name are the same in both objects.

Overrides:

equals in class Object

Parameters:

object - the object to compare this Session ID against.

Returns:

true if the Session ID are equal; false otherwise.

hashCode

public int hashCode()

Returns a hash code for this object.

Overrides:

hashCode in class Object

Returns:

a hash code value for this object.

setServerID

protected void setServerID(String id)

Sets the server info by making a naming request by passing its id which is in session id and parses it.

Parameters:

id - ServerID

getTail

public String getTail()

Returns tail part of session id

Returns:

An opaque tail part of session id

getCookieMode

public Boolean getCookieMode()

Returns the if the cookies are supported.

Returns:

Boolean object value which is Boolean.TRUE if supported FALSE otherwise

getExtension

public SessionIDExtensions getExtension()

Retrieves extension value by name Currently used session id extensions are SessionService.SITE_ID server id (from platform server list) hosting this session (in failover mode this will be server id of the load balancer) SessionService.PRIMARY_ID, SessionService.SECONDARY_ID used if internal request routing mode is enabled.

Returns:

extension.

makeRelatedSessionID

public static String makeRelatedSessionID(String encryptedID,
                                          SessionID prototype)
                                   throws SessionException

Generates encoded session id string which uses the same extensions and tail part as prototype session id, but a different encrypted ID. This method is used to generate session handle and restricted token id for a given master session id. Related session IDs must share extensions and tail information in order for session failover to work properly

Parameters:

encryptedID - encrypted ID.

prototype - session ID to copy extensions and tail from

Returns:

encoded session id

Throws:

SessionException

isC66Encoded

public boolean isC66Encoded()

Determines whether the session ID is c66 encoded or not.

Returns:

true if the session ID is non-null and c66-encoded.

See Also:

Constants.C66_ENCODE_AM_COOKIE

generateRelatedSessionID

public SessionID generateRelatedSessionID(SessionServerConfig serverConfig)
                                   throws SessionException

Throws:

SessionException

isSessionHandle

public boolean isSessionHandle()

Returns:

true if this SessionID actually represents a session handle.

generateSessionHandle

public String generateSessionHandle(SessionServerConfig serverConfig)
                             throws SessionException

Throws:

SessionException

generateAmCtxID

public static String generateAmCtxID(SessionServerConfig serverConfig)

generateSessionID

public static SessionID generateSessionID(SessionServerConfig serverConfig,
                                          String domain)
                                   throws SessionException

Generates new SessionID

Parameters:

serverConfig - Required server configuration

domain - session domain

Returns:

newly generated session id

Throws:

SessionException

generateStatelessSessionID

public static SessionID generateStatelessSessionID(SessionServerConfig serverConfig,
                                                   String domain,
                                                   String jwt)
                                            throws SessionException

Generates a new stateless session ID.

Parameters:

serverConfig - Required server configuration.

domain - session domain.

jwt - the stateless session JWT.

Returns:

the stateless session ID.

Throws:

SessionException - if an error occurs encoding the session ID.

validate

public void validate()
              throws SessionException

This method validates that the received session ID points to an existing server ID, and the site ID also corresponds to the server ID found in the session. Within this method two "extensions" are of interest: SITE_ID and PRIMARY_ID. The PRIMARY_ID extension contains the hosting server's ID, but only if the given server belongs to a site. The SITE_ID extension contains either the primary site's ID (if the hosting server belongs to a site) or the hosting server's ID. This method will look at the extensions and make sure that they match up with the naming table of this environment. If there is a problem with the session ID (e.g. the server ID actually points to a primary or secondary site, or if the server ID doesn't actually correlate with the site ID), then a SessionException is thrown in order to prevent forwarding of the received session request. A possible scenario for having such an incorrect session ID would be having multiple OpenAM environments using the same cookie domain and cookie name settings.

Throws:

SessionException - If the validation failed, possibly because the provided session ID was malformed or not created within this OpenAM deployment.