[undertow-dev] Howto create/configure a custom SessionManager and SessionConfig implementation?

Antoine Girard antoine.girard at ymail.com
Wed Mar 29 09:53:41 EDT 2017 

Look here:

https://github.com/undertow-io/undertow/blob/master/examples/src/main/java/io/undertow/examples/sessionhandling/SessionServer.java

Remember that the SessionManager interface has a createSession method that
takes a SessionConfig. That's where you give it.

You can see this operation being done throughout the example above.

Cheers,
Antoine

On Wed, Mar 29, 2017 at 3:01 PM, Eric B <ebenzacar at gmail.com> wrote:

> Agreed, but I want to use my own SessionConfig implementation in which the
> Sessionid is stored in a different cookie structure then the default
> implementation.
>
> I was looking for something that allows me to specify the SessionConfig
> implementation I want undertow to use, but can't find that config option
> anywhere.
>
> Thanks,
>
> Eric
>
> On Mar 29, 2017 8:44 AM, "Antoine Girard" <antoine.girard at ymail.com>
> wrote:
>
> A SessionConfig is just an interface for the SessionManager to retrieve
> the session ID.
> You do want to store session IDs in cookies, is that correct?
> In that case, simply use the default SessionCookieConfig:
> https://github.com/undertow-io/undertow/blob/master/core/src
> /main/java/io/undertow/server/session/SessionCookieConfig.java
>
> Cheers,
> Antoine
>
>
> On Wed, Mar 29, 2017 at 2:19 PM, Eric B <ebenzacar at gmail.com> wrote:
>
>> Thanks for the link; that is definitely going to be a big help for the
>> redis bridge.
>>
>> But I'm still unclear as to the "right" way to use/define my own
>> SessionConfig implementation.  In the link you sent, they instantiate the
>> RedisManager with the existing SessionConfig object, and use whatever
>> undertow passes in the parameters.
>>
>> As I mentioned in my earlier post, I suspect I can hack around it using
>> the SessionConfigWrapper but that does not seem to respect the spirit or
>> intent of the wrapper, so I'm trying to figure out if there is
>> another/better way to do this.
>>
>> Or is the only solution to completely ignore the SessionConfig object and
>> build my solution independent of it? But then it will not respect the
>> contract of the SessionManager to retrieve the Sessionid from the SC object
>>
>> Thanks,
>>
>> Eric
>>
>> On Mar 29, 2017 8:00 AM, "Antoine Girard" <antoine.girard at ymail.com>
>> wrote:
>>
>> Hi Eric,
>>
>> Unfortunately I cannot share that code as it's company property.
>> As far as I can remember, it was really easy. I used the java redis
>> library: Jedis.
>> Oh, and look what I found:
>> https://githubcom/coat/undertow-redis-session/blob/master/sr
>> c/main/java/com/pedanticprogrammer/undertow/RedisSessionManager.java
>> <https://github.com/coat/undertow-redis-session/blob/master/src/main/java/com/pedanticprogrammer/undertow/RedisSessionManager.java>
>>
>> That's a good starting point, if not the complete solution right there.
>>
>> Cheers,
>> Antoine
>>
>> On Wed, Mar 29, 2017 at 1:48 PM, Eric B <ebenzacar at gmail.com> wrote:
>>
>>> Antoine,
>>>
>>> That's exactly where I am heading too.  Is there any chance you still
>>> have our can share the code you used to do that?
>>>
>>> Thanks,
>>>
>>> Eric
>>>
>>> On Mar 29, 2017 7:24 AM, "Antoine Girard" <antoine.girard at ymail.com>
>>> wrote:
>>>
>>>> I did a similar thing once: persisting sessions into a Redis data store
>>>> My starting point was the InMemorySessionManager.
>>>>
>>>> Good luck to you!
>>>>
>>>> Cheers,
>>>> Antoine
>>>>
>>>> On Wed, Mar 29, 2017 at 1:09 PM, Eric B <ebenzacar at gmail.com> wrote:
>>>>
>>>>> From my understanding, I was thinking/planning to create my own
>>>>> SessionManager to handle the Session loading.  And from the docs, it
>>>>> indicates that the SessionManager must delegate retrieving the sessionId to
>>>>> the SessionConfig object
>>>>>
>>>>> Am I heading down the wrong path?  Is there an easier/another way to
>>>>> load/persist the session?
>>>>>
>>>>> Thanks
>>>>>
>>>>> Eric
>>>>>
>>>>>
>>>>>
>>>>> On Mar 29, 2017 7:01 AM, "Bill O'Neil" <bill at dartalleycom> wrote:
>>>>>
>>>>> If you want such a custom solution why not just use a cookie and
>>>>> ignore all of the SessionConfig code. You can write a handler that
>>>>> checks for the cookie and attaches your own custom session object to the
>>>>> exchange based on the cookie.
>>>>>
>>>>> On Tue, Mar 28, 2017 at 9:41 PM, Eric B <ebenzacar at gmail.com> wrote:
>>>>>
>>>>>> Stuart,
>>>>>>
>>>>>> My goal is to actually replace the JSESSIONID cookie/mechanism with
>>>>>> my own mechanism.  I am looking to use a JsonWebToken (JWT) to pass my
>>>>>> JSESSIONID to the application for a few different reasons:
>>>>>> 1) I would like to sign the JSESSIONID
>>>>>> 2) I would like to pass additional data along with the JSESSIONID
>>>>>> (ex: some auth claims)
>>>>>> 3) I want to be able to share this information between different
>>>>>> containers
>>>>>> 4) I want to pass a TTL with my token
>>>>>>
>>>>>>
>>>>>> At some level, I am trying to hack together an SSO solution
>>>>>> temporarily which would allow me to log into one container, and have some
>>>>>> credentials pass to another container.  My issue is that both containers
>>>>>> are session based, and hence, need to be able to retrieve a session from a
>>>>>> sessionId.  However, I also want to make sure that sessions don't expire -
>>>>>> that is if I am working in container 2, that my session in container 1
>>>>>> continues to live (if the user gets redirected back to container 1).
>>>>>>
>>>>>> So, in essence, I am looking to be able to extract my SessionId from
>>>>>> a mechanism other than the standard JSESSIONID cookie, but yet, still
>>>>>> continue to use the sessions seamlessly.
>>>>>>
>>>>>> I figure I could potentially hack around the design using the
>>>>>> SessionConfigWrapper in which I use the wrap() method to return my own
>>>>>> SessionConfig object, but that does not seem to fit in the spirit or design
>>>>>> of the wrapper.
>>>>>>
>>>>>> Is there another/better way to accomplish something like this?  Or is
>>>>>> undertow designed with only the JSESSIONID cookie in mind?  I did notice
>>>>>> the
>>>>>>  SessionConfig.SessionCookieSource enum with value OTHER, but cannot
>>>>>> seem to see/figure out where that is used, or how to leverage that setting
>>>>>> I looked through the ServletContextImpl class but only see the
>>>>>> SessionTrackingMode of COOKIE, SSL and URL available.
>>>>>>
>>>>>> Any help/insight would be greatly appreciated.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Eric
>>>>>>
>>>>>>
>>>>>> On Tue, Mar 28, 2017 at 7:57 PM, Stuart Douglas <sdouglas at redhat.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Why do you need a custom SessionConfig? In general Servlet will use
>>>>>>> its own SessionConfig that matches the configuration of the deployed
>>>>>>> application (generally just using a JSESSIONID cookie, unless it has
>>>>>>> been customized).
>>>>>>>
>>>>>>> Stuart
>>>>>>>
>>>>>>> On Tue, Mar 28, 2017 at 2:19 PM, Eric B <ebenzacar at gmail.com> wrote:
>>>>>>> > I've been trying to figure out how to build my own custom
>>>>>>> SessionManager to
>>>>>>> > push my sessions into Redis with a custom SessionConfig
>>>>>>> implementation, but
>>>>>>> > am having trouble finding any documentation to that extent.
>>>>>>> >
>>>>>>> > For the SesisonManager, I've read that I need to:
>>>>>>> >
>>>>>>> > Develop SessionManager which implements
>>>>>>> > io.undertow.server.session.SessionManager
>>>>>>> > Develop SessionManagerFactory which implements
>>>>>>> > io.undertow.servlet.api.SessionManagerFactory
>>>>>>> > Develop startup extension which implements
>>>>>>> > io.undertow.servlet.ServletExtension, and in
>>>>>>> handleDeployment(Deployment)
>>>>>>> > method change sessionManagerFactory with new SessionManagerFactory.
>>>>>>> > Register new ServletExtension by adding
>>>>>>> > ../META-INF/services/io.undertow.servlet.ServletExtension file
>>>>>>> (file should
>>>>>>> > contain the name of new ServletExtension. for example
>>>>>>> > com.my.utils.StartupExtension)
>>>>>>> >
>>>>>>> >
>>>>>>> > But I can't seem to find anything that indicates how to provide my
>>>>>>> own
>>>>>>> > SessionConfig implementation.  How do I register a custom
>>>>>>> SessionConfig
>>>>>>> > implementation?  Is there any documentation to that extent?
>>>>>>> >
>>>>>>> > Are there any examples that can show me how to create my own
>>>>>>> SessionManager
>>>>>>> > and SessionConfig object?
>>>>>>> >
>>>>>>> > Thanks,
>>>>>>> >
>>>>>>> > Eric
>>>>>>> >
>>>>>>> > _______________________________________________
>>>>>>> > undertow-dev mailing list
>>>>>>> > undertow-dev at lists.jboss.org
>>>>>>> > https://lists.jboss.org/mailman/listinfo/undertow-dev
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> undertow-dev mailing list
>>>>>> undertow-dev at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> undertow-dev mailing list
>>>>> undertow-dev at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>>>>
>>>>
>>>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20170329/30b3c5fc/attachment-0001.html

More information about the undertow-dev mailing list