[undertow-dev] Howto create/configure a custom SessionManager and SessionConfig implementation?

Bill O'Neil bill at dartalley.com
Wed Mar 29 07:01:22 EDT 2017


If you want such a custom solution why not just use a cookie and ignore all
of the SessionConfig code. You can write a handler that checks for the
cookie and attaches your own custom session object to the exchange based on
the cookie.

On Tue, Mar 28, 2017 at 9:41 PM, Eric B <ebenzacar at gmail.com> wrote:

> Stuart,
>
> My goal is to actually replace the JSESSIONID cookie/mechanism with my own
> mechanism.  I am looking to use a JsonWebToken (JWT) to pass my JSESSIONID
> to the application for a few different reasons:
> 1) I would like to sign the JSESSIONID
> 2) I would like to pass additional data along with the JSESSIONID (ex:
> some auth claims)
> 3) I want to be able to share this information between different containers
> 4) I want to pass a TTL with my token
>
>
> At some level, I am trying to hack together an SSO solution temporarily
> which would allow me to log into one container, and have some credentials
> pass to another container.  My issue is that both containers are session
> based, and hence, need to be able to retrieve a session from a sessionId.
> However, I also want to make sure that sessions don't expire - that is if I
> am working in container 2, that my session in container 1 continues to live
> (if the user gets redirected back to container 1).
>
> So, in essence, I am looking to be able to extract my SessionId from a
> mechanism other than the standard JSESSIONID cookie, but yet, still
> continue to use the sessions seamlessly.
>
> I figure I could potentially hack around the design using the
> SessionConfigWrapper in which I use the wrap() method to return my own
> SessionConfig object, but that does not seem to fit in the spirit or design
> of the wrapper.
>
> Is there another/better way to accomplish something like this?  Or is
> undertow designed with only the JSESSIONID cookie in mind?  I did notice
> the
>  SessionConfig.SessionCookieSource enum with value OTHER, but cannot seem
> to see/figure out where that is used, or how to leverage that setting.  I
> looked through the ServletContextImpl class but only see the
> SessionTrackingMode of COOKIE, SSL and URL available.
>
> Any help/insight would be greatly appreciated.
>
> Thanks,
>
> Eric
>
>
> On Tue, Mar 28, 2017 at 7:57 PM, Stuart Douglas <sdouglas at redhat.com>
> wrote:
>
>> Why do you need a custom SessionConfig? In general Servlet will use
>> its own SessionConfig that matches the configuration of the deployed
>> application (generally just using a JSESSIONID cookie, unless it has
>> been customized).
>>
>> Stuart
>>
>> On Tue, Mar 28, 2017 at 2:19 PM, Eric B <ebenzacar at gmail.com> wrote:
>> > I've been trying to figure out how to build my own custom
>> SessionManager to
>> > push my sessions into Redis with a custom SessionConfig implementation,
>> but
>> > am having trouble finding any documentation to that extent.
>> >
>> > For the SesisonManager, I've read that I need to:
>> >
>> > Develop SessionManager which implements
>> > io.undertow.server.session.SessionManager
>> > Develop SessionManagerFactory which implements
>> > io.undertow.servlet.api.SessionManagerFactory
>> > Develop startup extension which implements
>> > io.undertow.servlet.ServletExtension, and in
>> handleDeployment(Deployment)
>> > method change sessionManagerFactory with new SessionManagerFactory.
>> > Register new ServletExtension by adding
>> > ../META-INF/services/io.undertow.servlet.ServletExtension file (file
>> should
>> > contain the name of new ServletExtension. for example
>> > com.my.utils.StartupExtension)
>> >
>> >
>> > But I can't seem to find anything that indicates how to provide my own
>> > SessionConfig implementation.  How do I register a custom SessionConfig
>> > implementation?  Is there any documentation to that extent?
>> >
>> > Are there any examples that can show me how to create my own
>> SessionManager
>> > and SessionConfig object?
>> >
>> > Thanks,
>> >
>> > Eric
>> >
>> > _______________________________________________
>> > undertow-dev mailing list
>> > undertow-dev at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/undertow-dev
>>
>
>
> _______________________________________________
> undertow-dev mailing list
> undertow-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/undertow-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20170329/6a51a2e8/attachment-0001.html 


More information about the undertow-dev mailing list