[undertow-dev] Howto create/configure a custom SessionManager and SessionConfig implementation?

Antoine Girard antoine.girard at ymail.com
Wed Mar 29 07:24:33 EDT 2017


I did a similar thing once: persisting sessions into a Redis data store.
My starting point was the InMemorySessionManager.

Good luck to you!

Cheers,
Antoine

On Wed, Mar 29, 2017 at 1:09 PM, Eric B <ebenzacar at gmail.com> wrote:

> From my understanding, I was thinking/planning to create my own
> SessionManager to handle the Session loading.  And from the docs, it
> indicates that the SessionManager must delegate retrieving the sessionId to
> the SessionConfig object.
>
> Am I heading down the wrong path?  Is there an easier/another way to
> load/persist the session?
>
> Thanks
>
> Eric
>
>
>
> On Mar 29, 2017 7:01 AM, "Bill O'Neil" <bill at dartalley.com
> <bill at dartalleycom>> wrote:
>
> If you want such a custom solution why not just use a cookie and ignore
> all of the SessionConfig code. You can write a handler that checks for
> the cookie and attaches your own custom session object to the exchange
> based on the cookie.
>
> On Tue, Mar 28, 2017 at 9:41 PM, Eric B <ebenzacar at gmail.com> wrote:
>
>> Stuart,
>>
>> My goal is to actually replace the JSESSIONID cookie/mechanism with my
>> own mechanism.  I am looking to use a JsonWebToken (JWT) to pass my
>> JSESSIONID to the application for a few different reasons:
>> 1) I would like to sign the JSESSIONID
>> 2) I would like to pass additional data along with the JSESSIONID (ex:
>> some auth claims)
>> 3) I want to be able to share this information between different
>> containers
>> 4) I want to pass a TTL with my token
>>
>>
>> At some level, I am trying to hack together an SSO solution temporarily
>> which would allow me to log into one container, and have some credentials
>> pass to another container.  My issue is that both containers are session
>> based, and hence, need to be able to retrieve a session from a sessionId.
>> However, I also want to make sure that sessions don't expire - that is if I
>> am working in container 2, that my session in container 1 continues to live
>> (if the user gets redirected back to container 1).
>>
>> So, in essence, I am looking to be able to extract my SessionId from a
>> mechanism other than the standard JSESSIONID cookie, but yet, still
>> continue to use the sessions seamlessly.
>>
>> I figure I could potentially hack around the design using the
>> SessionConfigWrapper in which I use the wrap() method to return my own
>> SessionConfig object, but that does not seem to fit in the spirit or design
>> of the wrapper.
>>
>> Is there another/better way to accomplish something like this?  Or is
>> undertow designed with only the JSESSIONID cookie in mind?  I did notice
>> the
>>  SessionConfig.SessionCookieSource enum with value OTHER, but cannot
>> seem to see/figure out where that is used, or how to leverage that
>> setting.  I looked through the ServletContextImpl class but only see the
>> SessionTrackingMode of COOKIE, SSL and URL available.
>>
>> Any help/insight would be greatly appreciated.
>>
>> Thanks,
>>
>> Eric
>>
>>
>> On Tue, Mar 28, 2017 at 7:57 PM, Stuart Douglas <sdouglas at redhat.com>
>> wrote:
>>
>>> Why do you need a custom SessionConfig? In general Servlet will use
>>> its own SessionConfig that matches the configuration of the deployed
>>> application (generally just using a JSESSIONID cookie, unless it has
>>> been customized).
>>>
>>> Stuart
>>>
>>> On Tue, Mar 28, 2017 at 2:19 PM, Eric B <ebenzacar at gmail.com> wrote:
>>> > I've been trying to figure out how to build my own custom
>>> SessionManager to
>>> > push my sessions into Redis with a custom SessionConfig
>>> implementation, but
>>> > am having trouble finding any documentation to that extent.
>>> >
>>> > For the SesisonManager, I've read that I need to:
>>> >
>>> > Develop SessionManager which implements
>>> > io.undertow.server.session.SessionManager
>>> > Develop SessionManagerFactory which implements
>>> > io.undertow.servlet.api.SessionManagerFactory
>>> > Develop startup extension which implements
>>> > io.undertow.servlet.ServletExtension, and in
>>> handleDeployment(Deployment)
>>> > method change sessionManagerFactory with new SessionManagerFactory.
>>> > Register new ServletExtension by adding
>>> > ../META-INF/services/io.undertow.servlet.ServletExtension file (file
>>> should
>>> > contain the name of new ServletExtension. for example
>>> > com.my.utils.StartupExtension)
>>> >
>>> >
>>> > But I can't seem to find anything that indicates how to provide my own
>>> > SessionConfig implementation.  How do I register a custom SessionConfig
>>> > implementation?  Is there any documentation to that extent?
>>> >
>>> > Are there any examples that can show me how to create my own
>>> SessionManager
>>> > and SessionConfig object?
>>> >
>>> > Thanks,
>>> >
>>> > Eric
>>> >
>>> > _______________________________________________
>>> > undertow-dev mailing list
>>> > undertow-dev at lists.jboss.org
>>> > https://lists.jboss.org/mailman/listinfo/undertow-dev
>>>
>>
>>
>> _______________________________________________
>> undertow-dev mailing list
>> undertow-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>
>
>
>
> _______________________________________________
> undertow-dev mailing list
> undertow-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/undertow-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20170329/1da7d0c7/attachment-0001.html 


More information about the undertow-dev mailing list