Interface SessionManagement


  • public interface SessionManagement
    Internal login sessions management
    Author:
    K. Benedyczak
    • Method Detail

      • getCreateSession

        LoginSession getCreateSession​(long loggedEntity,
                                      AuthenticationRealm realm,
                                      String label,
                                      String outdatedCredentialId,
                                      LoginSession.RememberMeInfo rememberMeInfo,
                                      AuthenticationOptionKey firstFactorOptionId,
                                      AuthenticationOptionKey secondFactorOptionId)
        Tries to find a session for the entity in the given realm. If the session is not found then a new session is established.
        Parameters:
        loggedEntity -
        realm -
        label - used only when a new session is created
        outdatedCredential - used only if a new session is created
        rememberMeInfo - information about remember me steps inactive timeout).
        Returns:
      • updateSessionAttributes

        void updateSessionAttributes​(String id,
                                     SessionManagement.AttributeUpdater updater)
        Updates the extra attributes of the session. Update is done via callback to enable transactional access.
      • updateSessionActivity

        void updateSessionActivity​(String id)
        Updates the lastUsed timestamp of a session. The implementation may delay this action if the previous update happened recently.
      • recordAdditionalAuthentication

        void recordAdditionalAuthentication​(String id,
                                            AuthenticationOptionKey optionId)
        Records additional re-authentication fact to the session
      • removeSession

        void removeSession​(String id,
                           boolean soft)
        Removes a given session. Missing session is silently ignored.
        Parameters:
        id -
        soft - if true then only the login data is removed from the HTTP session. Otherwise the whole session is invalidated
      • addSessionParticipant

        void addSessionParticipant​(SessionParticipant... participant)
        Adds given participants to the current login session