[undertow-dev] Howto create/configure a custom SessionManager and SessionConfig implementation?
Eric B
ebenzacar at gmail.com
Wed Mar 29 07:09:57 EDT 2017
>From my understanding, I was thinking/planning to create my own
SessionManager to handle the Session loading. And from the docs, it
indicates that the SessionManager must delegate retrieving the sessionId to
the SessionConfig object.
Am I heading down the wrong path? Is there an easier/another way to
load/persist the session?
Thanks
Eric
On Mar 29, 2017 7:01 AM, "Bill O'Neil" <bill at dartalley.com> wrote:
If you want such a custom solution why not just use a cookie and ignore all
of the SessionConfig code. You can write a handler that checks for the
cookie and attaches your own custom session object to the exchange based on
the cookie.
On Tue, Mar 28, 2017 at 9:41 PM, Eric B <ebenzacar at gmail.com> wrote:
> Stuart,
>
> My goal is to actually replace the JSESSIONID cookie/mechanism with my own
> mechanism. I am looking to use a JsonWebToken (JWT) to pass my JSESSIONID
> to the application for a few different reasons:
> 1) I would like to sign the JSESSIONID
> 2) I would like to pass additional data along with the JSESSIONID (ex:
> some auth claims)
> 3) I want to be able to share this information between different containers
> 4) I want to pass a TTL with my token
>
>
> At some level, I am trying to hack together an SSO solution temporarily
> which would allow me to log into one container, and have some credentials
> pass to another container. My issue is that both containers are session
> based, and hence, need to be able to retrieve a session from a sessionId.
> However, I also want to make sure that sessions don't expire - that is if I
> am working in container 2, that my session in container 1 continues to live
> (if the user gets redirected back to container 1).
>
> So, in essence, I am looking to be able to extract my SessionId from a
> mechanism other than the standard JSESSIONID cookie, but yet, still
> continue to use the sessions seamlessly.
>
> I figure I could potentially hack around the design using the
> SessionConfigWrapper in which I use the wrap() method to return my own
> SessionConfig object, but that does not seem to fit in the spirit or design
> of the wrapper.
>
> Is there another/better way to accomplish something like this? Or is
> undertow designed with only the JSESSIONID cookie in mind? I did notice
> the
> SessionConfig.SessionCookieSource enum with value OTHER, but cannot seem
> to see/figure out where that is used, or how to leverage that setting. I
> looked through the ServletContextImpl class but only see the
> SessionTrackingMode of COOKIE, SSL and URL available.
>
> Any help/insight would be greatly appreciated.
>
> Thanks,
>
> Eric
>
>
> On Tue, Mar 28, 2017 at 7:57 PM, Stuart Douglas <sdouglas at redhat.com>
> wrote:
>
>> Why do you need a custom SessionConfig? In general Servlet will use
>> its own SessionConfig that matches the configuration of the deployed
>> application (generally just using a JSESSIONID cookie, unless it has
>> been customized).
>>
>> Stuart
>>
>> On Tue, Mar 28, 2017 at 2:19 PM, Eric B <ebenzacar at gmail.com> wrote:
>> > I've been trying to figure out how to build my own custom
>> SessionManager to
>> > push my sessions into Redis with a custom SessionConfig implementation,
>> but
>> > am having trouble finding any documentation to that extent.
>> >
>> > For the SesisonManager, I've read that I need to:
>> >
>> > Develop SessionManager which implements
>> > io.undertow.server.session.SessionManager
>> > Develop SessionManagerFactory which implements
>> > io.undertow.servlet.api.SessionManagerFactory
>> > Develop startup extension which implements
>> > io.undertow.servlet.ServletExtension, and in
>> handleDeployment(Deployment)
>> > method change sessionManagerFactory with new SessionManagerFactory.
>> > Register new ServletExtension by adding
>> > ../META-INF/services/io.undertow.servlet.ServletExtension file (file
>> should
>> > contain the name of new ServletExtension. for example
>> > com.my.utils.StartupExtension)
>> >
>> >
>> > But I can't seem to find anything that indicates how to provide my own
>> > SessionConfig implementation. How do I register a custom SessionConfig
>> > implementation? Is there any documentation to that extent?
>> >
>> > Are there any examples that can show me how to create my own
>> SessionManager
>> > and SessionConfig object?
>> >
>> > Thanks,
>> >
>> > Eric
>> >
>> > _______________________________________________
>> > undertow-dev mailing list
>> > undertow-dev at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/undertow-dev
>>
>
>
> _______________________________________________
> undertow-dev mailing list
> undertow-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/undertow-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20170329/97038005/attachment.html
More information about the undertow-dev
mailing list