...
| Table of Contents | ||
|---|---|---|
|
...
In XperienCentral there are actually three different sessions that play a role in Session Management:
| Session Interface | Description |
|---|---|
| XperienCentral specific session. Acts as a wrapper of XperienCentral specific context information and the JCR and HTTP sessions. |
| JCR session, needed to read and write from and to the JCR. |
| Website visitor session (see Java API documentation) |
Session Management is handled by the Session Manager service which only provides getters and instantiate methods for the first session type; the nl.gx.webmanager.foundation.Session. Because this is a wrapper around the other two sessions, you always have access to all three sessions if you have access to this session. The major purpose of the session is to define authorization. Authorization depends on the roles associated with the user stored in the session.
Session Stack
When an editor is working in the Workspace, the sessions are created automatically by the XperienCentral framework. For each request, XperienCentral identifies the user according to the cookie sent, together with the request, and creates a new XperienCentral session. This XperienCentral session is put on the top of the “session stack”. When the response is sent back to the client, this session is removed from the stac, therefore this session exists during the complete lifetime of the request.
During this lifetime, a second session can be created, which is again put on top of the session stack. The component that created the session is also responsible for closing the session. The purpose of using nested sessions is that actions performed within a specific session can be undone separately. The image below shows an example of a session stack:
- Session 1 is created and closed automatically by the framework
- Plugin 2 creates its own session 2 and closes it afterwards
- Plugin 3 creates its own session 3 and invokes a service from plugin 4
- The service in plugin 4 creates its own session 4 and closes it afterwards
- The session 3 is closed by plugin 3
- The framework automatically closes session 1
...
Retrieving and Creating Sessions
...
To create the session, the SessionManager.createSession(HttpServletRequest, HttpServletResponse) method can be used. The HTTP request and response usually are not available but you can use mock requests and responses instead via the Spring mock module (org.springframework.mock.web). After logging in you should still invoke AuthorizationService.login(username, password, request) in order to be granted the proper authorization. The code example below shows an example of creating a session for user USERNAMEKEY on webinitiative with ID WEBSITEKEY and password PASSWORDKEY:
| Code Block | ||
|---|---|---|
| ||
private Session login() {
try {
String portnr = myConfigService.getParameter("website_settings.frontend_portnr", null, "default");
String hostname = myConfigService.getParameter("website_settings.backend_hostname", null, "default");
String username = myConfigService.getParameter(USERNAMEKEY);
String password = myConfigService.getParameter(PASSWORDKEY);
String website = myConfigService.getParameter(WEBSITEKEY);
// Create mocks for the servlet request and response
MockServletContext context = new MockServletContext();
MockHttpServletRequest request = new MockHttpServletRequest(context);
request.addParameter("webid", website);
request.setServerName(hostname);
request.setServerPort(Integer.parseInt(portnr));
MockHttpServletResponse response = new MockHttpServletResponse();
// Create a new session from this mock request
Session session = mySessionManager.createSession(requestwebsite, responseusername);
request.setAttribute(Session.XPERIENCENTRAL_SESSION_KEY, session);
// Login using the authorization service
if (!myAuthorizationService.login(username, password, request)) {
LOG.warning("Login failed.");
return null;
}
return session;
} catch(ConfigurationManagementException e) {
LOG.log(Level.SEVERE, "An exception occurred during login()", e);
return null;
}
} |