java.lang.Object
  java.lang.Thread
    com.lutris.appserver.server.sessionEnhydra.StandardSessionKeyGen

StandardSessionKeyGen
public class StandardSessionKeyGen extends Thread

The session random key generator. This class implements a background thread
that wakes up and counts the number of Standard Session Manager requests
completed at one or more different interval periods, and
supplements the seed of the Manager's random number generator
in order to make the value of the cookies extremely unpredictable.
This is an absolute requirement if random cookie values are to
be used for any type of security purpose.
This random number generator uses the JDK 1.1 SecureRandom
object, which implements a cryptographic grade random number
generator based on the RSA MD5 one-way hash. In combination with
external user-generated time delay information, the numbers
generated by this object are highly unpredictable, and therefore
suitably secure for their use as session keys.
version: $Revision: 1.2 $
author: John Marco
author: Shawn McMurdo

Constructor Summary
public StandardSessionKeyGen(long intervals)
    Constructs a new key generator and random number entropy generator.

Method Summary
public void incrementRandomCounter()
    Increment the random counter.
public String newSessionKey()
    Generates a new random key to identify a session.
    This key represents a random integer that is large and sparse
    enough to make it highly unlikely that a valid session key can
    be guessed by an intruder.
public void run()
    The main code body of the Idle Timer Thread.
public void shutdown()
    Shut down the thread associated with this object.

StandardSessionKeyGen
public StandardSessionKeyGen(long intervals)

Constructs a new key generator and random number entropy
generator. Initializes timers and counters and starts a
thread.
Parameters: manager - The Standard session manager to be randomized.
Parameters: intervals - An array of one or more intervals, in seconds, in which to periodically supplement the random number generator with external user-generated entropy.

incrementRandomCounter
public void incrementRandomCounter()

Increment the random counter. Used for randomization, so it doesn't
have to be completely accurate and is not synchronized. The normal
way to use this is to increment it on requests generated by external
sources.

newSessionKey
public String newSessionKey()

Generates a new random key to identify a session.
This key represents a random integer that is large and sparse
enough to make it highly unlikely that a valid session key can
be guessed by an intruder. The randomizer object is
used to generate this key.
This function is reentrant and does not need synchronization.
Returns: A string representing a random key. The characters in this key are constrained to [A-Za-z0-9_-]. The encoding is more or less Base 64, but instead of '+' and '/' as defined in RFC 1521, the characters '_' and '-' are used because they are safe in URLs and file names.

run
public void run()

The main code body of the Idle Timer Thread. Enters an endless
loop that sleeps for a configurable period, periodically waking
up to modify the session manager's random seed. An externally
incremented count is used as a source of user-generated randomness.

shutdown
public void shutdown()

Shut down the thread associated with this object.
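
The following is an added example, not the Enhydra source: it sketches the scheme described above, where a request counter supplements the SecureRandom seed and newSessionKey() returns a key restricted to [A-Za-z0-9_-]. The class name SessionKeySketch, the supplementSeed() method, the 18-byte key length and the use of Java 8's java.util.Base64 URL-safe encoder are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.atomic.AtomicLong;

// Added illustration; SessionKeySketch and its members are hypothetical names,
// not the Enhydra source.
public class SessionKeySketch {
    private final SecureRandom random = new SecureRandom();
    private final AtomicLong requestCounter = new AtomicLong();
    // URL-safe Base64 alphabet [A-Za-z0-9_-], without '=' padding
    private final Base64.Encoder encoder = Base64.getUrlEncoder().withoutPadding();

    public SessionKeySketch() {
        // Force self-seeding first: some providers (SHA1PRNG) treat a setSeed()
        // made before the first nextBytes() as the only seed.
        random.nextBytes(new byte[8]);
    }

    // Call once per externally generated request.
    public void incrementRandomCounter() {
        requestCounter.incrementAndGet();
    }

    // Mix the request count and a timestamp into the generator.
    // SecureRandom.setSeed(long) supplements the existing seed and never
    // replaces it, so a guessable counter cannot reduce randomness.
    public void supplementSeed() {
        random.setSeed(requestCounter.get() ^ System.nanoTime());
    }

    // 18 random bytes = 144 bits, encoded as exactly 24 URL-safe characters.
    public String newSessionKey() {
        byte[] raw = new byte[18];
        random.nextBytes(raw);
        return encoder.encodeToString(raw);
    }

    public static void main(String[] args) {
        SessionKeySketch gen = new SessionKeySketch();
        for (int i = 0; i < 1000; i++) gen.incrementRandomCounter();
        gen.supplementSeed();
        String key = gen.newSessionKey();
        if (!key.matches("[A-Za-z0-9_-]{24}")) {
            throw new IllegalStateException("unexpected key format: " + key);
        }
        System.out.println(key);
    }
}
```

In a server, supplementSeed() would be called from a background thread at the configured intervals, as run() is described as doing.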