org.opencms.main

Class CmsSessionManager

java.lang.Object

org.opencms.main.CmsSessionManager

public class CmsSessionManager
extends java.lang.Object

Keeps track of the sessions running on the OpenCms server and provides a session info storage which is used to get an overview about currently authenticated OpenCms users, as well as sending broadcasts between users.

For each authenticated OpenCms user, a CmsSessionInfo object holds the information about the users status.

When a user session is invalidated, the user info will be removed. This happens when a user log out, or when his session times out.

Please Note: The current implementation does not provide any permission checking, so all users can access the methods of this manager. Permission checking based on the current users OpenCms context may be added in a future OpenCms release.

Since:

6.0.0

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	CmsSessionManager() Creates a new instance of the OpenCms session manager.

Method Summary

Methods

Modifier and Type	Method and Description
protected void	addSessionInfo(CmsSessionInfo sessionInfo) Adds a new session info into the session storage.
void	checkCreateSessionForUser(CmsUser user) Checks whether a new session can be created for the user, and throws an exception if not.
org.apache.commons.collections.Buffer	getBroadcastQueue(java.lang.String sessionId) Returns the broadcast queue for the given OpenCms session id.
int	getSessionCountAuthenticated() Returns the number of sessions currently authenticated in the OpenCms security system.
int	getSessionCountCurrent() Returns the number of current sessions, including the sessions of not authenticated guest users.
int	getSessionCountTotal() Returns the number of total sessions generated so far, including already destroyed sessions.
CmsSessionInfo	getSessionInfo(CmsUUID sessionId) Returns the complete user session info of a user from the session storage, or null if this session id has no session info attached.
CmsSessionInfo	getSessionInfo(javax.servlet.http.HttpServletRequest req) Returns the OpenCms user session info for the given request, or null if no user session is available.
CmsSessionInfo	getSessionInfo(javax.servlet.http.HttpSession session) Returns the OpenCms user session info for the given http session, or null if no user session is available.
CmsSessionInfo	getSessionInfo(java.lang.String sessionId) Returns the complete user session info of a user from the session storage, or null if this session id has no session info attached.
java.util.List<CmsSessionInfo>	getSessionInfos() Returns all current session info objects.
java.util.List<CmsSessionInfo>	getSessionInfos(CmsUUID userId) Returns a list of all active session info objects for the specified user.
protected CmsUUID	getSessionUUID(java.lang.String sessionId) Returns the UUID representation for the given session id String.
CmsSystemConfiguration.UserSessionMode	getUserSessionMode() Gets the user session mode.
protected void	initialize(I_CmsSessionStorageProvider sessionStorageProvider) Sets the storage provider.
void	killSession(CmsObject cms, CmsUser user) Kills all sessions for the given user.
void	killSession(CmsObject cms, CmsUUID sessionid) Destroys a session given the session id.
void	sendBroadcast(CmsObject cms, java.lang.String message) Sends a broadcast to all sessions of all currently authenticated users.
void	sendBroadcast(CmsObject cms, java.lang.String message, java.lang.String sessionId) Sends a broadcast to the specified user session.
void	sendBroadcast(CmsUser fromUser, java.lang.String message, CmsUser toUser) Sends a broadcast to all sessions of a given user.
protected void	sessionCreated(javax.servlet.http.HttpSessionEvent event) Called by the OpenCmsListener when a http session is created.
protected void	sessionDestroyed(javax.servlet.http.HttpSessionEvent event) Called by the OpenCmsListener when a http session is destroyed.
protected void	setUserSessionMode(CmsSystemConfiguration.UserSessionMode userSessionMode) Sets the user session mode.
protected void	shutdown() Removes all stored session info objects.
void	switchUser(CmsObject cms, javax.servlet.http.HttpServletRequest req, CmsUser user) Switches the current user to the given user.
java.lang.String	toString()
void	updateSessionInfo(CmsObject cms, javax.servlet.http.HttpServletRequest req) Updates the the OpenCms session data used for quick authentication of users.
void	updateSessionInfo(CmsObject cms, javax.servlet.http.HttpSession session) Updates the the OpenCms session data used for quick authentication of users.
void	updateSessionInfos(CmsObject cms) Updates all session info objects, so that invalid projects are replaced by the Online project.
protected void	validateSessionInfos() Validates the sessions stored in this manager and removes any sessions that have become invalidated.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

CmsSessionManager

protected CmsSessionManager()

Creates a new instance of the OpenCms session manager.

Method Detail

checkCreateSessionForUser

public void checkCreateSessionForUser(CmsUser user)
                               throws CmsException

Checks whether a new session can be created for the user, and throws an exception if not.

Parameters:

user - the user to check

Throws:

CmsException - if no new session for the user can't be created

getBroadcastQueue

public org.apache.commons.collections.Buffer getBroadcastQueue(java.lang.String sessionId)

Returns the broadcast queue for the given OpenCms session id.

Parameters:

sessionId - the OpenCms session id to get the broadcast queue for

Returns:

the broadcast queue for the given OpenCms session id

getSessionCountAuthenticated

public int getSessionCountAuthenticated()

Returns the number of sessions currently authenticated in the OpenCms security system.

Returns:

the number of sessions currently authenticated in the OpenCms security system

getSessionCountCurrent

public int getSessionCountCurrent()

Returns the number of current sessions, including the sessions of not authenticated guest users.

Returns:

the number of current sessions, including the sessions of not authenticated guest users

getSessionCountTotal

public int getSessionCountTotal()

Returns the number of total sessions generated so far, including already destroyed sessions.

Returns:

the number of total sessions generated so far, including already destroyed sessions

getSessionInfo

public CmsSessionInfo getSessionInfo(CmsUUID sessionId)

Returns the complete user session info of a user from the session storage, or null if this session id has no session info attached.

Parameters:

sessionId - the OpenCms session id to return the session info for

Returns:

the complete user session info of a user from the session storage

getSessionInfo

public CmsSessionInfo getSessionInfo(javax.servlet.http.HttpServletRequest req)

Returns the OpenCms user session info for the given request, or null if no user session is available.

Parameters:

req - the current request

Returns:

the OpenCms user session info for the given request, or null if no user session is available

getSessionInfo

public CmsSessionInfo getSessionInfo(javax.servlet.http.HttpSession session)

Returns the OpenCms user session info for the given http session, or null if no user session is available.

Parameters:

session - the current http session

Returns:

the OpenCms user session info for the given http session, or null if no user session is available

getSessionInfo

public CmsSessionInfo getSessionInfo(java.lang.String sessionId)

Returns the complete user session info of a user from the session storage, or null if this session id has no session info attached.

Parameters:

sessionId - the OpenCms session id to return the session info for, this must be a String representation of a CmsUUID

Returns:

the complete user session info of a user from the session storage

See Also:

getSessionInfo(CmsUUID)

getSessionInfos

public java.util.List<CmsSessionInfo> getSessionInfos()

Returns all current session info objects.

Returns:

all current session info objects

getSessionInfos

public java.util.List<CmsSessionInfo> getSessionInfos(CmsUUID userId)

Returns a list of all active session info objects for the specified user.

An OpenCms user can have many active sessions. This is e.g. possible when two people have logged in to the system using the same username. Even one person can have multiple sessions if he is logged in to OpenCms with several browser windows at the same time.

Parameters:

userId - the id of the user

Returns:

a list of all active session info objects for the specified user

getUserSessionMode

public CmsSystemConfiguration.UserSessionMode getUserSessionMode()

Gets the user session mode.

Returns:

the user session mode

killSession

public void killSession(CmsObject cms,
               CmsUser user)
                 throws CmsException

Kills all sessions for the given user.

Parameters:

cms - the current CMS context

user - the user for whom the sessions should be killed

Throws:

CmsException - if something goes wrong

killSession

public void killSession(CmsObject cms,
               CmsUUID sessionid)
                 throws CmsException

Destroys a session given the session id. Only allowed for users which have the "account manager" role.

Parameters:

cms - the current CMS context

sessionid - the session id

Throws:

CmsException - if something goes wrong

sendBroadcast

public void sendBroadcast(CmsObject cms,
                 java.lang.String message)

Sends a broadcast to all sessions of all currently authenticated users.

Parameters:

cms - the OpenCms user context of the user sending the broadcast

message - the message to broadcast

sendBroadcast

public void sendBroadcast(CmsObject cms,
                 java.lang.String message,
                 java.lang.String sessionId)

Sends a broadcast to the specified user session.

Parameters:

cms - the OpenCms user context of the user sending the broadcast

message - the message to broadcast

sessionId - the OpenCms session uuid target (receiver) of the broadcast

sendBroadcast

public void sendBroadcast(CmsUser fromUser,
                 java.lang.String message,
                 CmsUser toUser)

Sends a broadcast to all sessions of a given user.

The user sending the message may be a real user like cms.getRequestContext().currentUser() or null for a system message.

Parameters:

fromUser - the user sending the broadcast

message - the message to broadcast

toUser - the target (receiver) of the broadcast

switchUser

public void switchUser(CmsObject cms,
              javax.servlet.http.HttpServletRequest req,
              CmsUser user)
                throws CmsException

Switches the current user to the given user. The session info is rebuild as if the given user performs a login at the workplace.

Parameters:

cms - the current CmsObject

req - the current request

user - the user to switch to

Throws:

CmsException - if something goes wrong

toString

public java.lang.String toString()

Overrides:

toString in class java.lang.Object

See Also:

Object.toString()

updateSessionInfo

public void updateSessionInfo(CmsObject cms,
                     javax.servlet.http.HttpServletRequest req)

Updates the the OpenCms session data used for quick authentication of users.

This is required if the user data (current group or project) was changed in the requested document.

The user data is only updated if the user was authenticated to the system.

Parameters:

cms - the current OpenCms user context

req - the current request

updateSessionInfo

public void updateSessionInfo(CmsObject cms,
                     javax.servlet.http.HttpSession session)

Updates the the OpenCms session data used for quick authentication of users.

This is required if the user data (current group or project) was changed in the requested document.

The user data is only updated if the user was authenticated to the system.

Parameters:

cms - the current OpenCms user context

session - the current session

updateSessionInfos

public void updateSessionInfos(CmsObject cms)

Updates all session info objects, so that invalid projects are replaced by the Online project.

Parameters:

cms - the cms context

addSessionInfo

protected void addSessionInfo(CmsSessionInfo sessionInfo)

Adds a new session info into the session storage.

Parameters:

sessionInfo - the session info to store for the id

getSessionUUID

protected CmsUUID getSessionUUID(java.lang.String sessionId)

Returns the UUID representation for the given session id String.

Parameters:

sessionId - the session id String to return the UUID representation for

Returns:

the UUID representation for the given session id String

initialize

protected void initialize(I_CmsSessionStorageProvider sessionStorageProvider)

Sets the storage provider.

Parameters:

sessionStorageProvider - the storage provider implementation

sessionCreated

protected void sessionCreated(javax.servlet.http.HttpSessionEvent event)

Called by the OpenCmsListener when a http session is created.

Parameters:

event - the http session event

See Also:

HttpSessionListener.sessionCreated(javax.servlet.http.HttpSessionEvent), OpenCmsListener.sessionCreated(HttpSessionEvent)

sessionDestroyed

protected void sessionDestroyed(javax.servlet.http.HttpSessionEvent event)

Called by the OpenCmsListener when a http session is destroyed.

Parameters:

event - the http session event

See Also:

HttpSessionListener.sessionDestroyed(javax.servlet.http.HttpSessionEvent), OpenCmsListener.sessionDestroyed(HttpSessionEvent)

setUserSessionMode

protected void setUserSessionMode(CmsSystemConfiguration.UserSessionMode userSessionMode)

Sets the user session mode.

Parameters:

userSessionMode - the user session mode

shutdown

protected void shutdown()
                 throws java.lang.Exception

Removes all stored session info objects.

Throws:

java.lang.Exception - if something goes wrong

validateSessionInfos

protected void validateSessionInfos()

Validates the sessions stored in this manager and removes any sessions that have become invalidated.