If you want such a custom solution why not just use a cookie and ignore all
of the SessionConfig code. You can write a handler that checks for the
cookie and attaches your own custom session object to the exchange based on
the cookie.
On Tue, Mar 28, 2017 at 9:41 PM, Eric B <ebenzacar(a)gmail.com> wrote:
Stuart,
My goal is to actually replace the JSESSIONID cookie/mechanism with my own
mechanism. I am looking to use a JsonWebToken (JWT) to pass my JSESSIONID
to the application for a few different reasons:
1) I would like to sign the JSESSIONID
2) I would like to pass additional data along with the JSESSIONID (ex:
some auth claims)
3) I want to be able to share this information between different containers
4) I want to pass a TTL with my token
At some level, I am trying to hack together an SSO solution temporarily
which would allow me to log into one container, and have some credentials
pass to another container. My issue is that both containers are session
based, and hence, need to be able to retrieve a session from a sessionId.
However, I also want to make sure that sessions don't expire - that is if I
am working in container 2, that my session in container 1 continues to live
(if the user gets redirected back to container 1).
So, in essence, I am looking to be able to extract my SessionId from a
mechanism other than the standard JSESSIONID cookie, but yet, still
continue to use the sessions seamlessly.
I figure I could potentially hack around the design using the
SessionConfigWrapper in which I use the wrap() method to return my own
SessionConfig object, but that does not seem to fit in the spirit or design
of the wrapper.
Is there another/better way to accomplish something like this? Or is
undertow designed with only the JSESSIONID cookie in mind? I did notice
the
SessionConfig.SessionCookieSource enum with value OTHER, but cannot seem
to see/figure out where that is used, or how to leverage that setting. I
looked through the ServletContextImpl class but only see the
SessionTrackingMode of COOKIE, SSL and URL available.
Any help/insight would be greatly appreciated.
Thanks,
Eric
On Tue, Mar 28, 2017 at 7:57 PM, Stuart Douglas <sdouglas(a)redhat.com>
wrote:
> Why do you need a custom SessionConfig? In general Servlet will use
> its own SessionConfig that matches the configuration of the deployed
> application (generally just using a JSESSIONID cookie, unless it has
> been customized).
>
> Stuart
>
> On Tue, Mar 28, 2017 at 2:19 PM, Eric B <ebenzacar(a)gmail.com> wrote:
> > I've been trying to figure out how to build my own custom
> SessionManager to
> > push my sessions into Redis with a custom SessionConfig implementation,
> but
> > am having trouble finding any documentation to that extent.
> >
> > For the SesisonManager, I've read that I need to:
> >
> > Develop SessionManager which implements
> > io.undertow.server.session.SessionManager
> > Develop SessionManagerFactory which implements
> > io.undertow.servlet.api.SessionManagerFactory
> > Develop startup extension which implements
> > io.undertow.servlet.ServletExtension, and in
> handleDeployment(Deployment)
> > method change sessionManagerFactory with new SessionManagerFactory.
> > Register new ServletExtension by adding
> > ../META-INF/services/io.undertow.servlet.ServletExtension file (file
> should
> > contain the name of new ServletExtension. for example
> > com.my.utils.StartupExtension)
> >
> >
> > But I can't seem to find anything that indicates how to provide my own
> > SessionConfig implementation. How do I register a custom SessionConfig
> > implementation? Is there any documentation to that extent?
> >
> > Are there any examples that can show me how to create my own
> SessionManager
> > and SessionConfig object?
> >
> > Thanks,
> >
> > Eric
> >
> > _______________________________________________
> > undertow-dev mailing list
> > undertow-dev(a)lists.jboss.org
> >
https://lists.jboss.org/mailman/listinfo/undertow-dev
>
_______________________________________________
undertow-dev mailing list
undertow-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev