[undertow-dev] Howto create/configure a custom SessionManager and SessionConfig implementation?

Wed Mar 29 07:48:15 EDT 2017

Antoine,

That's exactly where I am heading too.  Is there any chance you still have
our can share the code you used to do that?

Thanks,

Eric

On Mar 29, 2017 7:24 AM, "Antoine Girard" <antoine.girard at ymail.com> wrote:

> I did a similar thing once: persisting sessions into a Redis data store.
> My starting point was the InMemorySessionManager.
>
> Good luck to you!
>
> Cheers,
> Antoine
>
> On Wed, Mar 29, 2017 at 1:09 PM, Eric B <ebenzacar at gmail.com> wrote:
>
>> From my understanding, I was thinking/planning to create my own
>> SessionManager to handle the Session loading.  And from the docs, it
>> indicates that the SessionManager must delegate retrieving the sessionId to
>> the SessionConfig object.
>>
>> Am I heading down the wrong path?  Is there an easier/another way to
>> load/persist the session?
>>
>> Thanks
>>
>> Eric
>>
>>
>>
>> On Mar 29, 2017 7:01 AM, "Bill O'Neil" <bill at dartalley.com
>> <bill at dartalleycom>> wrote:
>>
>> If you want such a custom solution why not just use a cookie and ignore
>> all of the SessionConfig code. You can write a handler that checks for
>> the cookie and attaches your own custom session object to the exchange
>> based on the cookie.
>>
>> On Tue, Mar 28, 2017 at 9:41 PM, Eric B <ebenzacar at gmail.com> wrote:
>>
>>> Stuart,
>>>
>>> My goal is to actually replace the JSESSIONID cookie/mechanism with my
>>> own mechanism.  I am looking to use a JsonWebToken (JWT) to pass my
>>> JSESSIONID to the application for a few different reasons:
>>> 1) I would like to sign the JSESSIONID
>>> 2) I would like to pass additional data along with the JSESSIONID (ex:
>>> some auth claims)
>>> 3) I want to be able to share this information between different
>>> containers
>>> 4) I want to pass a TTL with my token
>>>
>>>
>>> At some level, I am trying to hack together an SSO solution temporarily
>>> which would allow me to log into one container, and have some credentials
>>> pass to another container.  My issue is that both containers are session
>>> based, and hence, need to be able to retrieve a session from a sessionId.
>>> However, I also want to make sure that sessions don't expire - that is if I
>>> am working in container 2, that my session in container 1 continues to live
>>> (if the user gets redirected back to container 1).
>>>
>>> So, in essence, I am looking to be able to extract my SessionId from a
>>> mechanism other than the standard JSESSIONID cookie, but yet, still
>>> continue to use the sessions seamlessly.
>>>
>>> I figure I could potentially hack around the design using the
>>> SessionConfigWrapper in which I use the wrap() method to return my own
>>> SessionConfig object, but that does not seem to fit in the spirit or design
>>> of the wrapper.
>>>
>>> Is there another/better way to accomplish something like this?  Or is
>>> undertow designed with only the JSESSIONID cookie in mind?  I did notice
>>> the
>>>  SessionConfig.SessionCookieSource enum with value OTHER, but cannot
>>> seem to see/figure out where that is used, or how to leverage that
>>> setting.  I looked through the ServletContextImpl class but only see the
>>> SessionTrackingMode of COOKIE, SSL and URL available.
>>>
>>> Any help/insight would be greatly appreciated.
>>>
>>> Thanks,
>>>
>>> Eric
>>>
>>>
>>> On Tue, Mar 28, 2017 at 7:57 PM, Stuart Douglas <sdouglas at redhat.com>
>>> wrote:
>>>
>>>> Why do you need a custom SessionConfig? In general Servlet will use
>>>> its own SessionConfig that matches the configuration of the deployed
>>>> application (generally just using a JSESSIONID cookie, unless it has
>>>> been customized).
>>>>
>>>> Stuart
>>>>
>>>> On Tue, Mar 28, 2017 at 2:19 PM, Eric B <ebenzacar at gmail.com> wrote:
>>>> > I've been trying to figure out how to build my own custom
>>>> SessionManager to
>>>> > push my sessions into Redis with a custom SessionConfig
>>>> implementation, but
>>>> > am having trouble finding any documentation to that extent.
>>>> >
>>>> > For the SesisonManager, I've read that I need to:
>>>> >
>>>> > Develop SessionManager which implements
>>>> > io.undertow.server.session.SessionManager
>>>> > Develop SessionManagerFactory which implements
>>>> > io.undertow.servlet.api.SessionManagerFactory
>>>> > Develop startup extension which implements
>>>> > io.undertow.servlet.ServletExtension, and in
>>>> handleDeployment(Deployment)
>>>> > method change sessionManagerFactory with new SessionManagerFactory.
>>>> > Register new ServletExtension by adding
>>>> > ../META-INF/services/io.undertow.servlet.ServletExtension file (file
>>>> should
>>>> > contain the name of new ServletExtension. for example
>>>> > com.my.utils.StartupExtension)
>>>> >
>>>> >
>>>> > But I can't seem to find anything that indicates how to provide my own
>>>> > SessionConfig implementation.  How do I register a custom
>>>> SessionConfig
>>>> > implementation?  Is there any documentation to that extent?
>>>> >
>>>> > Are there any examples that can show me how to create my own
>>>> SessionManager
>>>> > and SessionConfig object?
>>>> >
>>>> > Thanks,
>>>> >
>>>> > Eric
>>>> >
>>>> > _______________________________________________
>>>> > undertow-dev mailing list
>>>> > undertow-dev at lists.jboss.org
>>>> > https://lists.jboss.org/mailman/listinfo/undertow-dev
>>>>
>>>
>>>
>>> _______________________________________________
>>> undertow-dev mailing list
>>> undertow-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>>
>>
>>
>>
>> _______________________________________________
>> undertow-dev mailing list
>> undertow-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20170329/f0911ac5/attachment.html 