[undertow-dev] Howto create/configure a custom SessionManager and SessionConfig implementation?

Antoine Girard antoine.girard at ymail.com
Wed Mar 29 07:59:57 EDT 2017 

Hi Eric,

Unfortunately I cannot share that code as it's company property.
As far as I can remember, it was really easy. I used the java redis
library: Jedis.
Oh, and look what I found:
https://github.com/coat/undertow-redis-session/blob/master/src/main/java/com/pedanticprogrammer/undertow/RedisSessionManager.java

That's a good starting point, if not the complete solution right there.

Cheers,
Antoine

On Wed, Mar 29, 2017 at 1:48 PM, Eric B <ebenzacar at gmail.com> wrote:

> Antoine,
>
> That's exactly where I am heading too.  Is there any chance you still have
> our can share the code you used to do that?
>
> Thanks,
>
> Eric
>
> On Mar 29, 2017 7:24 AM, "Antoine Girard" <antoine.girard at ymail.com>
> wrote:
>
>> I did a similar thing once: persisting sessions into a Redis data store
>> My starting point was the InMemorySessionManager.
>>
>> Good luck to you!
>>
>> Cheers,
>> Antoine
>>
>> On Wed, Mar 29, 2017 at 1:09 PM, Eric B <ebenzacar at gmail.com> wrote:
>>
>>> From my understanding, I was thinking/planning to create my own
>>> SessionManager to handle the Session loading.  And from the docs, it
>>> indicates that the SessionManager must delegate retrieving the sessionId to
>>> the SessionConfig object
>>>
>>> Am I heading down the wrong path?  Is there an easier/another way to
>>> load/persist the session?
>>>
>>> Thanks
>>>
>>> Eric
>>>
>>>
>>>
>>> On Mar 29, 2017 7:01 AM, "Bill O'Neil" <bill at dartalleycom> wrote:
>>>
>>> If you want such a custom solution why not just use a cookie and ignore
>>> all of the SessionConfig code. You can write a handler that checks for
>>> the cookie and attaches your own custom session object to the exchange
>>> based on the cookie.
>>>
>>> On Tue, Mar 28, 2017 at 9:41 PM, Eric B <ebenzacar at gmail.com> wrote:
>>>
>>>> Stuart,
>>>>
>>>> My goal is to actually replace the JSESSIONID cookie/mechanism with my
>>>> own mechanism.  I am looking to use a JsonWebToken (JWT) to pass my
>>>> JSESSIONID to the application for a few different reasons:
>>>> 1) I would like to sign the JSESSIONID
>>>> 2) I would like to pass additional data along with the JSESSIONID (ex:
>>>> some auth claims)
>>>> 3) I want to be able to share this information between different
>>>> containers
>>>> 4) I want to pass a TTL with my token
>>>>
>>>>
>>>> At some level, I am trying to hack together an SSO solution temporarily
>>>> which would allow me to log into one container, and have some credentials
>>>> pass to another container.  My issue is that both containers are session
>>>> based, and hence, need to be able to retrieve a session from a sessionId.
>>>> However, I also want to make sure that sessions don't expire - that is if I
>>>> am working in container 2, that my session in container 1 continues to live
>>>> (if the user gets redirected back to container 1).
>>>>
>>>> So, in essence, I am looking to be able to extract my SessionId from a
>>>> mechanism other than the standard JSESSIONID cookie, but yet, still
>>>> continue to use the sessions seamlessly.
>>>>
>>>> I figure I could potentially hack around the design using the
>>>> SessionConfigWrapper in which I use the wrap() method to return my own
>>>> SessionConfig object, but that does not seem to fit in the spirit or design
>>>> of the wrapper.
>>>>
>>>> Is there another/better way to accomplish something like this?  Or is
>>>> undertow designed with only the JSESSIONID cookie in mind?  I did notice
>>>> the
>>>>  SessionConfig.SessionCookieSource enum with value OTHER, but cannot
>>>> seem to see/figure out where that is used, or how to leverage that
>>>> setting.  I looked through the ServletContextImpl class but only see the
>>>> SessionTrackingMode of COOKIE, SSL and URL available.
>>>>
>>>> Any help/insight would be greatly appreciated.
>>>>
>>>> Thanks,
>>>>
>>>> Eric
>>>>
>>>>
>>>> On Tue, Mar 28, 2017 at 7:57 PM, Stuart Douglas <sdouglas at redhat.com>
>>>> wrote:
>>>>
>>>>> Why do you need a custom SessionConfig? In general Servlet will use
>>>>> its own SessionConfig that matches the configuration of the deployed
>>>>> application (generally just using a JSESSIONID cookie, unless it has
>>>>> been customized).
>>>>>
>>>>> Stuart
>>>>>
>>>>> On Tue, Mar 28, 2017 at 2:19 PM, Eric B <ebenzacar at gmail.com> wrote:
>>>>> > I've been trying to figure out how to build my own custom
>>>>> SessionManager to
>>>>> > push my sessions into Redis with a custom SessionConfig
>>>>> implementation, but
>>>>> > am having trouble finding any documentation to that extent.
>>>>> >
>>>>> > For the SesisonManager, I've read that I need to:
>>>>> >
>>>>> > Develop SessionManager which implements
>>>>> > io.undertow.server.session.SessionManager
>>>>> > Develop SessionManagerFactory which implements
>>>>> > io.undertow.servlet.api.SessionManagerFactory
>>>>> > Develop startup extension which implements
>>>>> > io.undertow.servlet.ServletExtension, and in
>>>>> handleDeployment(Deployment)
>>>>> > method change sessionManagerFactory with new SessionManagerFactory.
>>>>> > Register new ServletExtension by adding
>>>>> > ../META-INF/services/io.undertow.servlet.ServletExtension file
>>>>> (file should
>>>>> > contain the name of new ServletExtension. for example
>>>>> > com.my.utils.StartupExtension)
>>>>> >
>>>>> >
>>>>> > But I can't seem to find anything that indicates how to provide my
>>>>> own
>>>>> > SessionConfig implementation.  How do I register a custom
>>>>> SessionConfig
>>>>> > implementation?  Is there any documentation to that extent?
>>>>> >
>>>>> > Are there any examples that can show me how to create my own
>>>>> SessionManager
>>>>> > and SessionConfig object?
>>>>> >
>>>>> > Thanks,
>>>>> >
>>>>> > Eric
>>>>> >
>>>>> > _______________________________________________
>>>>> > undertow-dev mailing list
>>>>> > undertow-dev at lists.jboss.org
>>>>> > https://lists.jboss.org/mailman/listinfo/undertow-dev
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> undertow-dev mailing list
>>>> undertow-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> undertow-dev mailing list
>>> undertow-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20170329/74b8aaaf/attachment-0001.html

More information about the undertow-dev mailing list