| com.uwyn.rife.authentication.SessionValidator
All known Subclasses: com.uwyn.rife.authentication.sessionvalidators.DatabaseSessionValidator, com.uwyn.rife.authentication.sessionvalidators.AbstractSessionValidator
SessionValidator | public interface SessionValidator | | This interface defines the methods that classes with SessionValidator functionalities have to implement.
A SessionValidator is essentially a bridge between a CredentialsManager and a SessionManager. The validity of a session is often dependent on external attributes which define the context for a valid session that goes beyond a valid session id.
Typical uses can be:
- a user can become blocked during an active session,
- a user is a member of different groups (roles) and only
has access to certain resources when being part of a
particular group,
- a user needs to provide information at the first valid log-in,
without providing this information the user can't access any
of the resources in the application.
All these scenarios require additional information and additional processing that are often specific to each implementation of a CredentialsManager.
Since any CredentialsManager can be combined with any SessionManager, performance would often not be optimal. For example, if the credentials and the session information are stored in the same database, completely isolating all functionalities would cause more database queries to be executed than are really needed. By implementing the combined functionality of verifying a valid authentication session in a bridge class that implements the SessionValidator interface, a single query can provide the same results, thus dramatically increasing performance.
author: Geert Bevin (gbevin[remove] at uwyn dot com)
version: $Revision: 3643 $
See Also: com.uwyn.rife.authentication.sessionvalidators.AbstractSessionValidator
See Also: com.uwyn.rife.authentication.SessionAttributes
See Also: com.uwyn.rife.authentication.CredentialsManager
See Also: com.uwyn.rife.authentication.SessionManager
since: 1.0 |
getCredentialsManager | public CredentialsManager getCredentialsManager() | | Retrieves the currently used CredentialsManager.
Returns: The current CredentialsManager.
since: 1.0 |
getRememberManager | public RememberManager getRememberManager() | | Retrieves the currently used RememberManager.
Returns: The current RememberManager.
since: 1.0 |
getSessionManager | public SessionManager getSessionManager() | | Retrieves the currently used SessionManager.
Returns: The current SessionManager.
since: 1.0 |
isAccessAuthorized | public boolean isAccessAuthorized(int id) | | Indicates if the provided validity identifier is considered as valid and that the access to the secured resource is thus authorized.
Normally, specific business logic is only required for the situations in which access has been prohibited. This method is used to make it possible to provide automatic access to the secured resource.
Parameters: id - The numeric identifier that is returned by the validateSession method.
Returns: true if access to the secured resource was authorized; or false if access was prohibited.
since: 1.0 |
setCredentialsManager | public void setCredentialsManager(CredentialsManager credentialsManager) | | Sets the CredentialsManager that will be used.
Parameters: credentialsManager - The new CredentialsManager.
since: 1.0 |
setRememberManager | public void setRememberManager(RememberManager rememberManager) | | Sets the RememberManager that will be used.
Parameters: rememberManager - The new RememberManager.
since: 1.0 |
setSessionManager | public void setSessionManager(SessionManager sessionManager) | | Sets the SessionManager that will be used.
Parameters: sessionManager - The new SessionManager.
since: 1.0 |
validateSession | public int validateSession(String authId, String hostIp, SessionAttributes attributes) throws SessionValidatorException | | Validates an existing session according to a set of attributes that define the context in which this validation occurs.
This method is typically executed for each access to a secured resource; performance is thus of critical importance.
The implementation of this method should be optimal for the combination of the used CredentialsManager and SessionManager. Specific code that combines the features of both managers should be written, instead of relying on the abstracted API of each manager. Paying attention to the implementation of this method can dramatically reduce the overhead of securing resources.
Parameters: authId - The unique id of the authentication session that needs to be validated.
Parameters: hostIp - The IP address of the host from which the user accesses the application.
Parameters: attributes - Access to the attributes that define the context in which the session has to be validated.
Returns: A number that indicates the validation state of the session. This allows the application to go beyond valid or invalid. Additional states, for example blocked, initial login and disabled, can be used by using different numbers.
throws: SessionValidatorException - An undefined number of exceptional cases or error situations can occur when a session is validated. They are all indicated by throwing an instance of SessionValidatorException. It's up to the implementations of this interface to give more specific meanings to these exceptions.
since: 1.0 |
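The bridge described above, sketched as an added example that is not RIFE code: a stand-alone class whose two methods mirror validateSession and isAccessAuthorized, with an in-memory map standing in for the single joined session-and-credentials query. The state codes, the Row record, the 20-minute lifetime, the requiredRole parameter (standing in for SessionAttributes) and the rejection of a session whose host IP differs from the stored one are all assumptions.

```java
import java.util.Map;
import java.util.Set;

// Added example: stand-alone sketch, not RIFE code.
public class CombinedValidatorSketch {
    // Hypothetical state codes; the interface only promises "a number".
    static final int SESSION_INVALID = 0, SESSION_VALID = 1, USER_BLOCKED = 2,
                     INITIAL_LOGIN = 3, ROLE_MISSING = 4;

    // One joined row: session columns plus the owning user's account columns.
    record Row(String hostIp, long startMs, boolean blocked,
               boolean profileComplete, Set<String> roles) {}

    static final long MAX_AGE_MS = 20 * 60 * 1000L; // assumed session lifetime

    private final Map<String, Row> joined; // stand-in for the single SQL join
    CombinedValidatorSketch(Map<String, Row> joined) { this.joined = joined; }

    // Mirrors validateSession(authId, hostIp, attributes); requiredRole stands
    // in for what an implementation would read from SessionAttributes.
    int validateSession(String authId, String hostIp, String requiredRole, long nowMs) {
        Row r = (authId == null) ? null : joined.get(authId);
        if (r == null || nowMs - r.startMs() > MAX_AGE_MS) return SESSION_INVALID;
        if (!r.hostIp().equals(hostIp)) return SESSION_INVALID; // bound to origin host
        if (r.blocked()) return USER_BLOCKED;           // blocked during the session
        if (!r.profileComplete()) return INITIAL_LOGIN; // must supply information first
        if (requiredRole != null && !r.roles().contains(requiredRole)) return ROLE_MISSING;
        return SESSION_VALID;
    }

    // Mirrors isAccessAuthorized(int): only one state grants access, so an
    // unknown or newly added code fails closed.
    boolean isAccessAuthorized(int id) { return id == SESSION_VALID; }

    public static void main(String[] args) {
        long now = 1_000_000L; // constructed sample data
        var v = new CombinedValidatorSketch(Map.of(
            "a1", new Row("10.0.0.5", now, false, true, Set.of("admin")),
            "b2", new Row("10.0.0.6", now, true, true, Set.of("user")),
            "c3", new Row("10.0.0.7", now, false, false, Set.of("user"))));
        int[] ids = { v.validateSession("a1", "10.0.0.5", "admin", now),
                      v.validateSession("a1", "10.0.0.9", "admin", now),
                      v.validateSession("b2", "10.0.0.6", null, now),
                      v.validateSession("c3", "10.0.0.7", null, now) };
        for (int id : ids) System.out.println(id + " authorized=" + v.isAccessAuthorized(id));
    }
}
```

The ordering of the checks matters: session existence, age and host binding are decided before any account state is reported, so a caller presenting someone else's session id learns nothing about whether that account is blocked.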