<div dir="ltr">The SessionManager#createSession() method takes a SessionConfig as second argument. <div>I don't understand what more do you need!</div><div><br></div><div>Cheers,</div><div>Antoine</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Mar 29, 2017 at 3:55 PM, Eric B <span dir="ltr"><<a href="mailto:ebenzacar@gmail.com" target="_blank">ebenzacar@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="auto">I'm not actually trying to reusue the SessionCookieConfigImpl. But in the SessionManager javadoc, it clearly states that:</div><div dir="auto"><br></div><div dir="auto"><div dir="auto"> * As part of session creation the session manager MUST attempt to retrieve the {@link SessionCookieConfig} from</div><div dir="auto"> * the {@link HttpServerExchange} and use it to set the session cookie. The frees up the session manager from</div><div dir="auto"> * needing to know details of the cookie configuration. When invalidating a session the session manager MUST</div><div dir="auto"> * also use this to clear the session cookie.</div><div><br></div><div>So while I can create my own SessionManager that completely ignores the SessionConfig object, as per the SessionManager javadocs, the manager must attempt to retrieve the SessionConfig object from the exchange to set the session cookie. I am just trying to fulfill the SessionManager requirements.</div><div><br></div><div>But there is missing documentation indicating how/where one can specify the SessionCookieConfig implementation that I want undertow to use. I would like undertow to use my own custom implementation.</div><div><br></div><div>Thanks,</div><div><br>Eric</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Mar 29, 2017 9:35 AM, "Bill O'Neil" <<a href="mailto:bill@dartalley.com" target="_blank">bill@dartalley.com</a>> wrote:<br type="attribution"></span><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class=""><div dir="ltr">What exactly will you gain from reusing SessionConfig if you are going to hack around a lot of it? If not much then just write your own handler that handles the cookies and talking to Redis it might be less work then customizing and hacking around SessionConfig.</div></span><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Wed, Mar 29, 2017 at 9:01 AM, Eric B <span dir="ltr"><<a href="mailto:ebenzacar@gmail.com" target="_blank">ebenzacar@gmail.com</a>></span> wrote:<br></span><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div><span class=""><div style="font-family:sans-serif;font-size:13.696px" dir="auto">Agreed, but I want to use my own SessionConfig implementation in which the Sessionid is stored in a different cookie structure then the default implementation.</div><div dir="auto" style="font-family:sans-serif;font-size:13.696px"><br></div><div dir="auto" style="font-family:sans-serif;font-size:13.696px">I was looking for something that allows me to specify the SessionConfig implementation I want undertow to use, but can't find that config option anywhere.</div><div dir="auto" style="font-family:sans-serif;font-size:13.696px"><br></div><div dir="auto" style="font-family:sans-serif;font-size:13.696px">Thanks,</div><div dir="auto" style="font-family:sans-serif;font-size:13.696px"><br></div><div dir="auto" style="font-family:sans-serif;font-size:13.696px">Eric</div></span><div><div class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310h5"><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Mar 29, 2017 8:44 AM, "Antoine Girard" <<a href="mailto:antoine.girard@ymail.com" target="_blank">antoine.girard@ymail.com</a>> wrote:<br type="attribution"></span><blockquote class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class=""><div dir="ltr">A SessionConfig is just an interface for the SessionManager to retrieve the session ID.<div>You do want to store session IDs in cookies, is that correct?</div><div>In that case, simply use the default SessionCookieConfig: </div><div><a href="https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/session/SessionCookieConfig.java" target="_blank">https://github.com/undertow-io<wbr>/undertow/blob/master/core/src<wbr>/main/java/io/undertow/server/<wbr>session/SessionCookieConfig.ja<wbr>va</a></div><div><br></div><div>Cheers,</div><div>Antoine</div><div><br></div></div></span><div class="gmail_extra"><br><div class="gmail_quote"><span class=""><div class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890quoted-text">On Wed, Mar 29, 2017 at 2:19 PM, Eric B <span dir="ltr"><<a href="mailto:ebenzacar@gmail.com" target="_blank">ebenzacar@gmail.com</a>></span> wrote:<br></div></span><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class=""><div dir="auto"><div class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890quoted-text">Thanks for the link; that is definitely going to be a big help for the redis bridge.<div dir="auto"><br></div><div dir="auto">But I'm still unclear as to the "right" way to use/define my own SessionConfig implementation. In the link you sent, they instantiate the RedisManager with the existing SessionConfig object, and use whatever undertow passes in the parameters.</div><div dir="auto"><br></div><div dir="auto">As I mentioned in my earlier post, I suspect I can hack around it using the SessionConfigWrapper but that does not seem to respect the spirit or intent of the wrapper, so I'm trying to figure out if there is another/better way to do this.</div><div dir="auto"><br></div><div dir="auto">Or is the only solution to completely ignore the SessionConfig object and build my solution independent of it? But then it will not respect the contract of the SessionManager to retrieve the Sessionid from the SC object</div><div dir="auto"><br></div></div><div dir="auto">Thanks,</div><div dir="auto"><br></div><div dir="auto">Eric</div></div></span><div class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890elided-text"><div class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890m_7862769228212270326HOEnZb"><div class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890m_7862769228212270326h5"><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Mar 29, 2017 8:00 AM, "Antoine Girard" <<a href="mailto:antoine.girard@ymail.com" target="_blank">antoine.girard@ymail.com</a>> wrote:<br type="attribution"></span><blockquote class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890m_7862769228212270326m_-5249066657219030561quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class=""><div dir="ltr">Hi Eric,<div><br></div><div>Unfortunately I cannot share that code as it's company property.</div><div>As far as I can remember, it was really easy. I used the java redis library: Jedis.</div><div>Oh, and look what I found:</div><div><a href="https://github.com/coat/undertow-redis-session/blob/master/src/main/java/com/pedanticprogrammer/undertow/RedisSessionManager.java" target="_blank">https://github.com/coat/undert<wbr>ow-redis-session/blob/master/s<wbr>rc/main/java/com/pedanticprogr<wbr>ammer/undertow/RedisSessionMan<wbr>ager.java</a><br></div><div><br></div><div>That's a good starting point, if not the complete solution right there.</div><div><br></div><div>Cheers,</div><div>Antoine</div></div></span><div class="gmail_extra"><br><div class="gmail_quote"><span class=""><div class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890m_7862769228212270326m_-5249066657219030561quoted-text">On Wed, Mar 29, 2017 at 1:48 PM, Eric B <span dir="ltr"><<a href="mailto:ebenzacar@gmail.com" target="_blank">ebenzacar@gmail.com</a>></span> wrote:<br></div></span><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class=""><div class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890m_7862769228212270326m_-5249066657219030561quoted-text"><div dir="auto">Antoine,<div dir="auto"><br></div><div dir="auto">That's exactly where I am heading too. Is there any chance you still have our can share the code you used to do that? </div><div dir="auto"><br></div><div dir="auto">Thanks,</div><div dir="auto"><br></div><div dir="auto">Eric</div></div></div></span><div class="gmail_extra"><br><div class="gmail_quote"><span class=""><div class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890m_7862769228212270326m_-5249066657219030561quoted-text"><span>On Mar 29, 2017 7:24 AM, "Antoine Girard" <<a href="mailto:antoine.girard@ymail.com" target="_blank">antoine.girard@ymailcom</a>> wrote:<br type="attribution"></span></div></span><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class=""><div dir="ltr"><div class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890m_7862769228212270326m_-5249066657219030561quoted-text"><span>I did a similar thing once: persisting sessions into a Redis data store</span></div><div class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890m_7862769228212270326m_-5249066657219030561quoted-text"><span><div>My starting point was the InMemorySessionManager.</div><div><br></div><div>Good luck to you!</div><div><br></div><div>Cheers,</div><div>Antoine</div></span></div></div></span><div class="gmail_extra"><br><div class="gmail_quote"><span class=""><div class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890m_7862769228212270326m_-5249066657219030561quoted-text"><span>On Wed, Mar 29, 2017 at 1:09 PM, Eric B <span dir="ltr"><<a href="mailto:ebenzacar@gmail.com" target="_blank">ebenzacar@gmail.com</a>></span> wrote:<br></span></div></span><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><span class=""><div class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890m_7862769228212270326m_-5249066657219030561quoted-text"><span><div>From my understanding, I was thinking/planning to create my own SessionManager to handle the Session loading. And from the docs, it indicates that the SessionManager must delegate retrieving the sessionId to the SessionConfig object</div><div dir="auto"><br></div></span></div><div class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890m_7862769228212270326m_-5249066657219030561quoted-text"><span><div dir="auto">Am I heading down the wrong path? Is there an easier/another way to load/persist the session? </div><div dir="auto"><br></div><div dir="auto">Thanks</div><div dir="auto"><br></div><div dir="auto">Eric</div><div dir="auto"><br></div></span></div></span><div class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890m_7862769228212270326m_-5249066657219030561elided-text"><div><div class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890m_7862769228212270326m_-5249066657219030561m_-6559532051863671076h5"><div dir="auto"><br><div class="gmail_extra" dir="auto"><br><div class="gmail_quote"><span class="">On Mar 29, 2017 7:01 AM, "Bill O'Neil" <<a href="mailto:bill@dartalleycom" target="_blank">bill@dartalleycom</a>> wrote:<br type="attribution"></span><blockquote class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890m_7862769228212270326m_-5249066657219030561m_-6559532051863671076m_6710646849761334938m_8152727239980921360m_2541739177248376693quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class=""><div dir="ltr">If you want such a custom solution why not just use a cookie and ignore all of the <span style="font-size:12.8px">SessionConfig code. You can write a handler that checks for the cookie and attaches your own custom session object to the exchange based on the cookie.</span></div></span><div class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890m_7862769228212270326m_-5249066657219030561m_-6559532051863671076m_6710646849761334938m_8152727239980921360m_2541739177248376693elided-text"><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Tue, Mar 28, 2017 at 9:41 PM, Eric B <span dir="ltr"><<a href="mailto:ebenzacar@gmail.com" target="_blank">ebenzacar@gmail.com</a>></span> wrote:<br></span><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><span class="">Stuart,<div><br>My goal is to actually replace the JSESSIONID cookie/mechanism with my own mechanism. I am looking to use a JsonWebToken (JWT) to pass my JSESSIONID to the application for a few different reasons:</div><div>1) I would like to sign the JSESSIONID</div><div>2) I would like to pass additional data along with the JSESSIONID (ex: some auth claims)</div><div>3) I want to be able to share this information between different containers</div><div>4) I want to pass a TTL with my token</div><div><br></div><div><br></div><div>At some level, I am trying to hack together an SSO solution temporarily which would allow me to log into one container, and have some credentials pass to another container. My issue is that both containers are session based, and hence, need to be able to retrieve a session from a sessionId. However, I also want to make sure that sessions don't expire - that is if I am working in container 2, that my session in container 1 continues to live (if the user gets redirected back to container 1).</div><div><br></div><div>So, in essence, I am looking to be able to extract my SessionId from a mechanism other than the standard JSESSIONID cookie, but yet, still continue to use the sessions seamlessly.</div><div><br></div><div>I figure I could potentially hack around the design using the SessionConfigWrapper in which I use the wrap() method to return my own SessionConfig object, but that does not seem to fit in the spirit or design of the wrapper.</div><div><br></div><div>Is there another/better way to accomplish something like this? Or is undertow designed with only the JSESSIONID cookie in mind? I did notice the </div></span> SessionConfig.SessionCookieSo<wbr>urce enum with value OTHER, but cannot seem to see/figure out where that is used, or how to leverage that setting. I looked through the ServletContextImpl class but only see the SessionTrackingMode of COOKIE, SSL and URL available.<div><div class="h5"><div><br></div><div>Any help/insight would be greatly appreciated.</div><div><br></div><div>Thanks,</div><div><br>Eric</div><div><br></div></div></div></div><div><div class="h5"><div class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890m_7862769228212270326m_-5249066657219030561m_-6559532051863671076m_6710646849761334938m_8152727239980921360m_2541739177248376693m_-3667385676312723287HOEnZb"><div class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890m_7862769228212270326m_-5249066657219030561m_-6559532051863671076m_6710646849761334938m_8152727239980921360m_2541739177248376693m_-3667385676312723287h5"><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Mar 28, 2017 at 7:57 PM, Stuart Douglas <span dir="ltr"><<a href="mailto:sdouglas@redhat.com" target="_blank">sdouglas@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Why do you need a custom SessionConfig? In general Servlet will use<br>
its own SessionConfig that matches the configuration of the deployed<br>
application (generally just using a JSESSIONID cookie, unless it has<br>
been customized).<br>
<br>
Stuart<br>
<div><div class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890m_7862769228212270326m_-5249066657219030561m_-6559532051863671076m_6710646849761334938m_8152727239980921360m_2541739177248376693m_-3667385676312723287m_-5870665426442319891h5"><br>
On Tue, Mar 28, 2017 at 2:19 PM, Eric B <<a href="mailto:ebenzacar@gmail.com" target="_blank">ebenzacar@gmail.com</a>> wrote:<br>
> I've been trying to figure out how to build my own custom SessionManager to<br>
> push my sessions into Redis with a custom SessionConfig implementation, but<br>
> am having trouble finding any documentation to that extent.<br>
><br>
> For the SesisonManager, I've read that I need to:<br>
><br>
> Develop SessionManager which implements<br>
> io.undertow.server.session.Ses<wbr>sionManager<br>
> Develop SessionManagerFactory which implements<br>
> io.undertow.servlet.api.Sessio<wbr>nManagerFactory<br>
> Develop startup extension which implements<br>
> io.undertow.servlet.ServletExt<wbr>ension, and in handleDeployment(Deployment)<br>
> method change sessionManagerFactory with new SessionManagerFactory.<br>
> Register new ServletExtension by adding<br>
> ../META-INF/services/io.undert<wbr>ow.servlet.ServletExtension file (file should<br>
> contain the name of new ServletExtension. for example<br>
> com.my.utils.StartupExtension)<br>
><br>
><br>
> But I can't seem to find anything that indicates how to provide my own<br>
> SessionConfig implementation. How do I register a custom SessionConfig<br>
> implementation? Is there any documentation to that extent?<br>
><br>
> Are there any examples that can show me how to create my own SessionManager<br>
> and SessionConfig object?<br>
><br>
> Thanks,<br>
><br>
> Eric<br>
><br>
</div></div>> ______________________________<wbr>_________________<br>
> undertow-dev mailing list<br>
> <a href="mailto:undertow-dev@lists.jboss.org" target="_blank">undertow-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/undertow-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/undertow-dev</a><br>
</blockquote></div><br></div>
</div></div><br>______________________________<wbr>_________________<br>
undertow-dev mailing list<br>
<a href="mailto:undertow-dev@lists.jboss.org" target="_blank">undertow-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/undertow-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/undertow-dev</a><br></div></div></blockquote></div><br></div>
</div></blockquote></div><br></div></div></div></div></div></div><div><div class="h5"><div class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890m_7862769228212270326m_-5249066657219030561elided-text"><div><div class="m_4210428877980179007gmail-m_-4091244652379235472m_22393389318032310m_5393807958449129890m_7862769228212270326m_-5249066657219030561m_-6559532051863671076h5">
<br>______________________________<wbr>_________________<br>
undertow-dev mailing list<br>
<a href="mailto:undertow-dev@lists.jboss.org" target="_blank">undertow-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/undertow-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/undertow-dev</a><br></div></div></div></div></div></blockquote></div><br></div>
</blockquote></div></div>
</blockquote></div><br></div>
</blockquote></div><br></div>
</div></div></div></blockquote></div><br></div>
</blockquote></div><br></div></div></div></div></div>
</blockquote></div><br></div>
</blockquote></div></div>
</div>
</blockquote></div><br></div>