com.redhat.rhn.manager.session

Class SessionManager

java.lang.Object

com.redhat.rhn.manager.BaseManager

com.redhat.rhn.manager.session.SessionManager

public class SessionManager
extends BaseManager

SessionManager is the helper class used to fetch configuration about com.redhat.rhn.domain.session.Session objects.

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	SEC_PARM_TOKENIZER_CHAR
static long	TIMEOUT_VAL

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	SessionManager()

Method Summary

Modifier and Type	Method and Description
static void	extendSessionLifetime(WebSession session)
static java.lang.String	extractSecureParam(java.lang.String data) If this is a valid secure param string, then extract the secure param and return it.
static java.lang.String	generateSessionKey(java.lang.String data) Generates a session key for usage in passing sensitive url based parameters around in a safe way.
static boolean	isPxtSessionKeyValid(java.lang.String key) Verifies that the specified string is a valid pxt session key.
static boolean	isValidSecureParam(java.lang.String data) Determine if this is a secure param as created by the other methods on this class.
static void	killSession(java.lang.String sessionKey) Removes the session specified by sessionKey from the database.
static long	lifetimeValue() Return the lifetime in seconds of the Session.
static WebSession	loadSession(java.lang.String sessionKey) Returns the session identified by sessionKey
static WebSession	lookupByKey(java.lang.String key) Lookup a Session by it's key
static java.lang.String	makeSecureParamNoTimestamp(java.lang.String data) Create a secure param string without timestamp
static java.lang.String	makeSecureParamTimestamped(java.lang.String data) Create a secure param string with a timestamp for the current time.
static WebSession	makeSession(java.lang.Long uid, long duration) Create a new Session from scratch with the specified attributes.
static void	purgeUserSessions(User user) Removes all the sessions of a user.
static int	removeSession(WebSession s) Removes the given session.

Methods inherited from class com.redhat.rhn.manager.BaseManager

makeDataResult, makeDataResult, makeDataResult, makeDataResult, makeDataResultNoPagination, makeDataResultNoPagination, processListControl, processPageControl

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SEC_PARM_TOKENIZER_CHAR

public static final java.lang.String SEC_PARM_TOKENIZER_CHAR

See Also:

Constant Field Values

TIMEOUT_VAL

public static final long TIMEOUT_VAL

See Also:

Constant Field Values

Constructor Detail

SessionManager

protected SessionManager()

Method Detail

lifetimeValue

public static long lifetimeValue()

Return the lifetime in seconds of the Session. This differs from the timeoutValue() above which is the time from now the Session should finish. It's a subtle difference but needed since the PXTSession table expects the time the session should expire while the cookie in Tomcat expects the lifetime of the session in seconds, it will calculate the time for you.

Returns:

the lifetime in seconds of the Session.

makeSession

public static WebSession makeSession(java.lang.Long uid,
                                     long duration)

Create a new Session from scratch with the specified attributes. This session will already be in the database, and will thus have a session ID.

Parameters:

uid - User Id associated with this WebSession

duration - duration of WebSession, in ms.

Returns:

the Session created

removeSession

public static int removeSession(WebSession s)

Removes the given session.

Parameters:

s - WebSession to remove.

Returns:

number of sessions removed (typically 1 or 0).

loadSession

public static WebSession loadSession(java.lang.String sessionKey)

Returns the session identified by sessionKey

Parameters:

sessionKey - The key for the session that is requested

Returns:

Returns the WebSession identified by the sessionKey

killSession

public static void killSession(java.lang.String sessionKey)

Removes the session specified by sessionKey from the database.

Parameters:

sessionKey - Key for the session you want to remove.

generateSessionKey

public static java.lang.String generateSessionKey(java.lang.String data)

Generates a session key for usage in passing sensitive url based parameters around in a safe way.

Parameters:

data - String data to generate key on

Returns:

String SHA-256 hash (with "salt") of passed in data.

makeSecureParamNoTimestamp

public static java.lang.String makeSecureParamNoTimestamp(java.lang.String data)

Create a secure param string without timestamp

Parameters:

data - param to be secured

Returns:

String secure param string (no timestamp)

makeSecureParamTimestamped

public static java.lang.String makeSecureParamTimestamped(java.lang.String data)

Create a secure param string with a timestamp for the current time.

Parameters:

data - param to be secured.

Returns:

String secure param string (timestamped)

isValidSecureParam

public static boolean isValidSecureParam(java.lang.String data)

Determine if this is a secure param as created by the other methods on this class. The string parameter "data" should be of the form <param>:<encoded> or <param>:<timestamp>:<encoded>. If it is of the 1st form, then the <param> value is re-encoded and it is compared to the <encoded> value. If it is of the 2nd form, then first the timeout value is compared against the <timestamp> value. If that is in range, then the <param>:<timestamp> combined value is re-encoded and compared against the <encoded> value.

Parameters:

data - potentially secure param string

Returns:

boolean true if it is, otherwise false

extractSecureParam

public static java.lang.String extractSecureParam(java.lang.String data)

If this is a valid secure param string, then extract the secure param and return it. Otherwise return an empty string.

Parameters:

data - secure param string

Returns:

String secure param or empty string

isPxtSessionKeyValid

public static boolean isPxtSessionKeyValid(java.lang.String key)

Verifies that the specified string is a valid pxt session key.

Parameters:

key - The session key to be validated

Returns:

true if the key is valid. Note that null is acceptable input and will result in false being returned.

lookupByKey

public static WebSession lookupByKey(java.lang.String key)

Lookup a Session by it's key

Parameters:

key - The key containing the session id and hash

Returns:

Returns the session if the key is valid.

purgeUserSessions

public static void purgeUserSessions(User user)

Removes all the sessions of a user. This action is useful especially when we disable/deactivate a user. We donot want a deactivated user's sessions to be alive..

Parameters:

user - the user whose sessions are to be purged.

extendSessionLifetime

public static void extendSessionLifetime(WebSession session)

Parameters:

session - session which lifetime should be extended