Class CmsSessionManager
- java.lang.Object
-
- org.opencms.main.CmsSessionManager
-
public class CmsSessionManager extends java.lang.Object
Keeps track of the sessions running on the OpenCms server and provides a session info storage which is used to get an overview about currently authenticated OpenCms users, as well as sending broadcasts between users.
For each authenticated OpenCms user, a CmsSessionInfo object holds the information about the user's status.
When a user session is invalidated, the user info will be removed. This happens when a user logs out, or when his session times out.
Please Note: The current implementation does not provide any permission checking, so all users can access the methods of this manager. Permission checking based on the current user's OpenCms context may be added in a future OpenCms release.
- Since:
- 6.0.0
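Because the manager itself does no permission checking, code that exposes its session data or session-killing methods to users can enforce a role check first. The following is an added example, not OpenCms code: the class name GuardedSessionAccess is hypothetical, and the role check uses OpenCms.getRoleManager().checkRole(...) with CmsRole.ACCOUNT_MANAGER from the OpenCms security API, which this page does not document.

```java
import java.util.List;

import org.opencms.file.CmsObject;
import org.opencms.file.CmsUser;
import org.opencms.main.CmsException;
import org.opencms.main.CmsSessionInfo;
import org.opencms.main.CmsSessionManager;
import org.opencms.main.OpenCms;
import org.opencms.security.CmsRole;

/**
 * Hypothetical caller-side guard around CmsSessionManager (added example).
 * Every method checks the caller's role before touching the manager, so the
 * check does not depend on which manager methods enforce one themselves.
 */
public final class GuardedSessionAccess {

    private final CmsSessionManager m_manager;

    public GuardedSessionAccess(CmsSessionManager manager) {
        m_manager = manager;
    }

    /** Builds a guard around the session manager of the running OpenCms instance. */
    public static GuardedSessionAccess forRunningInstance() {
        return new GuardedSessionAccess(OpenCms.getSessionManager());
    }

    /**
     * Returns the active sessions of the target user, but only for callers
     * holding the account manager role in the given CMS context.
     */
    public List<CmsSessionInfo> sessionsOf(CmsObject cms, CmsUser target) throws CmsException {
        requireAccountManager(cms);
        return m_manager.getSessionInfos(target.getId());
    }

    /**
     * Kills all sessions of the target user after the same role check.
     * This page states the role requirement only for killSession(CmsObject, CmsUUID),
     * so the guard applies it explicitly here as well.
     */
    public void killAllSessions(CmsObject cms, CmsUser target) throws CmsException {
        requireAccountManager(cms);
        m_manager.killSession(cms, target);
    }

    /**
     * Fails closed: checkRole throws a role violation exception (a CmsException)
     * when the user of the given context lacks the role.
     */
    private static void requireAccountManager(CmsObject cms) throws CmsException {
        if (cms == null) {
            throw new IllegalArgumentException("CMS context required for permission check");
        }
        OpenCms.getRoleManager().checkRole(cms, CmsRole.ACCOUNT_MANAGER);
    }
}
```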
-
-
Field Summary
Fields (modifier and type, field, then description)
static java.lang.String HEADER_TRUE_CLIENT_IP
Header key 'true-client-ip' used by Akamai proxies.
static java.lang.String HEADER_USER_AGENT
Header key 'user-agent'.
static java.lang.String HEADER_X_FORWARDED_FOR
Request header containing the real client IP address.
static java.lang.String NAME_USERSWITCH
Name of the logger for logging user switches.
-
Constructor Summary
Constructors (modifier, constructor, then description)
protected CmsSessionManager()
Creates a new instance of the OpenCms session manager.
-
Method Summary
Methods (modifier and type, method, then description)
protected void addSessionInfo(CmsSessionInfo sessionInfo)
Adds a new session info into the session storage.
void checkCreateSessionForUser(CmsUser user)
Checks whether a new session can be created for the user, and throws an exception if not.
org.apache.commons.collections.Buffer getBroadcastQueue(java.lang.String sessionId)
Returns the broadcast queue for the given OpenCms session id.
int getSessionCountAuthenticated()
Returns the number of sessions currently authenticated in the OpenCms security system.
int getSessionCountCurrent()
Returns the number of current sessions, including the sessions of not authenticated guest users.
int getSessionCountTotal()
Returns the number of total sessions generated so far, including already destroyed sessions.
CmsSessionInfo getSessionInfo(java.lang.String sessionId)
Returns the complete user session info of a user from the session storage, or null if this session id has no session info attached.
CmsSessionInfo getSessionInfo(javax.servlet.http.HttpServletRequest req)
Returns the OpenCms user session info for the given request, or null if no user session is available.
CmsSessionInfo getSessionInfo(javax.servlet.http.HttpSession session)
Returns the OpenCms user session info for the given http session, or null if no user session is available.
CmsSessionInfo getSessionInfo(CmsUUID sessionId)
Returns the complete user session info of a user from the session storage, or null if this session id has no session info attached.
java.util.List<CmsSessionInfo> getSessionInfos()
Returns all current session info objects.
java.util.List<CmsSessionInfo> getSessionInfos(CmsUUID userId)
Returns a list of all active session info objects for the specified user.
protected CmsUUID getSessionUUID(java.lang.String sessionId)
Returns the UUID representation for the given session id String.
CmsSystemConfiguration.UserSessionMode getUserSessionMode()
Gets the user session mode.
boolean hasValidClientToken(javax.servlet.http.HttpServletRequest req)
Returns whether the current request has a valid client token.
protected void initialize(I_CmsSessionStorageProvider sessionStorageProvider, CmsObject adminCms)
Sets the storage provider.
void killSession(CmsObject cms, CmsUser user)
Kills all sessions for the given user.
void killSession(CmsObject cms, CmsUUID sessionid)
Destroys a session given the session id.
void sendBroadcast(CmsObject cms, java.lang.String message)
Deprecated.
void sendBroadcast(CmsObject cms, java.lang.String message, boolean repeat)
Deprecated.
void sendBroadcast(CmsObject cms, java.lang.String message, boolean repeat, CmsBroadcast.ContentMode mode)
Sends a broadcast to all sessions of all currently authenticated users.
void sendBroadcast(CmsObject cms, java.lang.String message, java.lang.String sessionId)
Deprecated.
void sendBroadcast(CmsObject cms, java.lang.String message, java.lang.String sessionId, boolean repeat)
Deprecated.
void sendBroadcast(CmsObject cms, java.lang.String message, java.lang.String sessionId, boolean repeat, CmsBroadcast.ContentMode mode)
Sends a broadcast to the specified user session.
void sendBroadcast(CmsObject cms, java.lang.String message, java.lang.String sessionId, CmsBroadcast.ContentMode mode)
Sends a broadcast to the specified user session.
void sendBroadcast(CmsObject cms, java.lang.String message, CmsBroadcast.ContentMode mode)
Sends a broadcast to all sessions of all currently authenticated users.
void sendBroadcast(CmsUser fromUser, java.lang.String message, CmsUser toUser)
Deprecated.
void sendBroadcast(CmsUser fromUser, java.lang.String message, CmsUser toUser, CmsBroadcast.ContentMode mode)
Sends a broadcast to all sessions of a given user.
protected void sessionCreated(javax.servlet.http.HttpSessionEvent event)
Called by the OpenCmsListener when a http session is created.
protected void sessionDestroyed(javax.servlet.http.HttpSessionEvent event)
Called by the OpenCmsListener when a http session is destroyed.
protected void setUserSessionMode(CmsSystemConfiguration.UserSessionMode userSessionMode)
Sets the user session mode.
protected void shutdown()
Removes all stored session info objects.
java.lang.String switchUser(CmsObject cms, javax.servlet.http.HttpServletRequest req, CmsUser user)
Switches the current user to the given user.
java.lang.String switchUserFromSession(CmsObject cms, javax.servlet.http.HttpServletRequest req, CmsUser user, CmsSessionInfo sessionInfo)
Switches the current user to the given user.
java.lang.String toString()
void updateSessionInfo(CmsObject cms, javax.servlet.http.HttpServletRequest req)
Updates the OpenCms session data used for quick authentication of users.
void updateSessionInfo(CmsObject cms, javax.servlet.http.HttpServletRequest req, boolean isHeartBeatRequest)
Updates the OpenCms session data used for quick authentication of users.
void updateSessionInfo(CmsObject cms, javax.servlet.http.HttpSession session)
Updates the OpenCms session data used for quick authentication of users.
void updateSessionInfos(CmsObject cms)
Updates all session info objects, so that invalid projects are replaced by the Online project.
protected void validateSessionInfos()
Validates the sessions stored in this manager and removes any sessions that have become invalidated.
-
-
-
Field Detail
-
HEADER_TRUE_CLIENT_IP
public static final java.lang.String HEADER_TRUE_CLIENT_IP
Header key 'true-client-ip' used by Akamai proxies.
- See Also:
- Constant Field Values
-
HEADER_USER_AGENT
public static final java.lang.String HEADER_USER_AGENT
Header key 'user-agent'.
- See Also:
- Constant Field Values
-
HEADER_X_FORWARDED_FOR
public static final java.lang.String HEADER_X_FORWARDED_FOR
Request header containing the real client IP address.
- See Also:
- Constant Field Values
-
NAME_USERSWITCH
public static final java.lang.String NAME_USERSWITCH
Name of the logger for logging user switches.
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
CmsSessionManager
protected CmsSessionManager()
Creates a new instance of the OpenCms session manager.
-
-
Method Detail
-
checkCreateSessionForUser
public void checkCreateSessionForUser(CmsUser user) throws CmsException
Checks whether a new session can be created for the user, and throws an exception if not.
- Parameters:
user
- the user to check
- Throws:
CmsException
- if a new session for the user can't be created
-
getBroadcastQueue
public org.apache.commons.collections.Buffer getBroadcastQueue(java.lang.String sessionId)
Returns the broadcast queue for the given OpenCms session id.
- Parameters:
sessionId
- the OpenCms session id to get the broadcast queue for
- Returns:
- the broadcast queue for the given OpenCms session id
-
getSessionCountAuthenticated
public int getSessionCountAuthenticated()
Returns the number of sessions currently authenticated in the OpenCms security system.
- Returns:
- the number of sessions currently authenticated in the OpenCms security system
-
getSessionCountCurrent
public int getSessionCountCurrent()
Returns the number of current sessions, including the sessions of not authenticated guest users.
- Returns:
- the number of current sessions, including the sessions of not authenticated guest users
-
getSessionCountTotal
public int getSessionCountTotal()
Returns the number of total sessions generated so far, including already destroyed sessions.
- Returns:
- the number of total sessions generated so far, including already destroyed sessions
-
getSessionInfo
public CmsSessionInfo getSessionInfo(CmsUUID sessionId)
Returns the complete user session info of a user from the session storage, or null if this session id has no session info attached.
- Parameters:
sessionId
- the OpenCms session id to return the session info for
- Returns:
- the complete user session info of a user from the session storage
-
getSessionInfo
public CmsSessionInfo getSessionInfo(javax.servlet.http.HttpServletRequest req)
Returns the OpenCms user session info for the given request, or null if no user session is available.
- Parameters:
req
- the current request
- Returns:
- the OpenCms user session info for the given request, or null if no user session is available
-
getSessionInfo
public CmsSessionInfo getSessionInfo(javax.servlet.http.HttpSession session)
Returns the OpenCms user session info for the given http session, or null if no user session is available.
- Parameters:
session
- the current http session
- Returns:
- the OpenCms user session info for the given http session, or null if no user session is available
-
getSessionInfo
public CmsSessionInfo getSessionInfo(java.lang.String sessionId)
Returns the complete user session info of a user from the session storage, or null if this session id has no session info attached.
- Parameters:
sessionId
- the OpenCms session id to return the session info for, this must be a String representation of a CmsUUID
- Returns:
- the complete user session info of a user from the session storage
- See Also:
getSessionInfo(CmsUUID)
-
getSessionInfos
public java.util.List<CmsSessionInfo> getSessionInfos()
Returns all current session info objects.
- Returns:
- all current session info objects
-
getSessionInfos
public java.util.List<CmsSessionInfo> getSessionInfos(CmsUUID userId)
Returns a list of all active session info objects for the specified user.
An OpenCms user can have many active sessions. This is e.g. possible when two people have logged in to the system using the same username. Even one person can have multiple sessions if he is logged in to OpenCms with several browser windows at the same time.
- Parameters:
userId
- the id of the user
- Returns:
- a list of all active session info objects for the specified user
-
getUserSessionMode
public CmsSystemConfiguration.UserSessionMode getUserSessionMode()
Gets the user session mode.
- Returns:
- the user session mode
-
hasValidClientToken
public boolean hasValidClientToken(javax.servlet.http.HttpServletRequest req)
Returns whether the current request has a valid client token.
Used to prevent session hijacking.
- Parameters:
req
- the current request
- Returns:
- true in case the request has a valid token
-
killSession
public void killSession(CmsObject cms, CmsUser user) throws CmsException
Kills all sessions for the given user.
- Parameters:
cms
- the current CMS context
user
- the user for whom the sessions should be killed
- Throws:
CmsException
- if something goes wrong
-
killSession
public void killSession(CmsObject cms, CmsUUID sessionid) throws CmsException
Destroys a session given the session id. Only allowed for users which have the "account manager" role.
- Parameters:
cms
- the current CMS context
sessionid
- the session id
- Throws:
CmsException
- if something goes wrong
-
sendBroadcast
@Deprecated public void sendBroadcast(CmsObject cms, java.lang.String message)
Deprecated.
Sends a broadcast to all sessions of all currently authenticated users.
- Parameters:
cms
- the OpenCms user context of the user sending the broadcast
message
- the message to broadcast
-
sendBroadcast
@Deprecated public void sendBroadcast(CmsObject cms, java.lang.String message, boolean repeat)
Deprecated.
Sends a broadcast to all sessions of all currently authenticated users.
- Parameters:
cms
- the OpenCms user context of the user sending the broadcast
message
- the message to broadcast
repeat
- repeat this message
-
sendBroadcast
public void sendBroadcast(CmsObject cms, java.lang.String message, boolean repeat, CmsBroadcast.ContentMode mode)
Sends a broadcast to all sessions of all currently authenticated users.
- Parameters:
cms
- the OpenCms user context of the user sending the broadcast
message
- the message to broadcast
repeat
- repeat this message
mode
- the content mode to use
-
sendBroadcast
public void sendBroadcast(CmsObject cms, java.lang.String message, CmsBroadcast.ContentMode mode)
Sends a broadcast to all sessions of all currently authenticated users.
- Parameters:
cms
- the OpenCms user context of the user sending the broadcast
message
- the message to broadcast
mode
- the content mode
-
sendBroadcast
@Deprecated public void sendBroadcast(CmsObject cms, java.lang.String message, java.lang.String sessionId)
Deprecated.
Sends a broadcast to the specified user session.
- Parameters:
cms
- the OpenCms user context of the user sending the broadcast
message
- the message to broadcast
sessionId
- the OpenCms session uuid target (receiver) of the broadcast
-
sendBroadcast
@Deprecated public void sendBroadcast(CmsObject cms, java.lang.String message, java.lang.String sessionId, boolean repeat)
Deprecated.
Sends a broadcast to the specified user session.
- Parameters:
cms
- the OpenCms user context of the user sending the broadcast
message
- the message to broadcast
sessionId
- the OpenCms session uuid target (receiver) of the broadcast
repeat
- repeat this message
-
sendBroadcast
public void sendBroadcast(CmsObject cms, java.lang.String message, java.lang.String sessionId, boolean repeat, CmsBroadcast.ContentMode mode)
Sends a broadcast to the specified user session.
- Parameters:
cms
- the OpenCms user context of the user sending the broadcast
message
- the message to broadcast
sessionId
- the OpenCms session uuid target (receiver) of the broadcast
repeat
- repeat this message
mode
- the content mode to use
-
sendBroadcast
public void sendBroadcast(CmsObject cms, java.lang.String message, java.lang.String sessionId, CmsBroadcast.ContentMode mode)
Sends a broadcast to the specified user session.
- Parameters:
cms
- the OpenCms user context of the user sending the broadcast
message
- the message to broadcast
sessionId
- the OpenCms session uuid target (receiver) of the broadcast
mode
- the content mode to use
-
sendBroadcast
@Deprecated public void sendBroadcast(CmsUser fromUser, java.lang.String message, CmsUser toUser)
Deprecated.
Sends a broadcast to all sessions of a given user.
The user sending the message may be a real user like cms.getRequestContext().currentUser() or null for a system message.
- Parameters:
fromUser
- the user sending the broadcast
message
- the message to broadcast
toUser
- the target (receiver) of the broadcast
-
sendBroadcast
public void sendBroadcast(CmsUser fromUser, java.lang.String message, CmsUser toUser, CmsBroadcast.ContentMode mode)
Sends a broadcast to all sessions of a given user.
The user sending the message may be a real user like cms.getRequestContext().currentUser() or null for a system message.
- Parameters:
fromUser
- the user sending the broadcast
message
- the message to broadcast
toUser
- the target (receiver) of the broadcast
mode
- the content mode to use
-
switchUser
public java.lang.String switchUser(CmsObject cms, javax.servlet.http.HttpServletRequest req, CmsUser user) throws CmsException
Switches the current user to the given user. The session info is rebuilt as if the given user performs a login at the workplace.
- Parameters:
cms
- the current CmsObject
req
- the current request
user
- the user to switch to
- Returns:
- the direct edit target if available
- Throws:
CmsException
- if something goes wrong
-
switchUserFromSession
public java.lang.String switchUserFromSession(CmsObject cms, javax.servlet.http.HttpServletRequest req, CmsUser user, CmsSessionInfo sessionInfo) throws CmsException
Switches the current user to the given user. The session info is rebuilt as if the given user performs a login at the workplace.
- Parameters:
cms
- the current CmsObject
req
- the current request
user
- the user to switch to
sessionInfo
- to switch to a currently logged in user using the same session state
- Returns:
- the direct edit target if available
- Throws:
CmsException
- if something goes wrong
-
toString
public java.lang.String toString()
- Overrides:
toString in class java.lang.Object
- See Also:
Object.toString()
-
updateSessionInfo
public void updateSessionInfo(CmsObject cms, javax.servlet.http.HttpServletRequest req)
Updates the OpenCms session data used for quick authentication of users.
This is required if the user data (current group or project) was changed in the requested document.
The user data is only updated if the user was authenticated to the system.
- Parameters:
cms
- the current OpenCms user context
req
- the current request
-
updateSessionInfo
public void updateSessionInfo(CmsObject cms, javax.servlet.http.HttpServletRequest req, boolean isHeartBeatRequest)
Updates the OpenCms session data used for quick authentication of users.
This is required if the user data (current group or project) was changed in the requested document.
The user data is only updated if the user was authenticated to the system.
- Parameters:
cms
- the current OpenCms user context
req
- the current request
isHeartBeatRequest
- in case of heart beat requests
-
updateSessionInfo
public void updateSessionInfo(CmsObject cms, javax.servlet.http.HttpSession session)
Updates the OpenCms session data used for quick authentication of users.
This is required if the user data (current group or project) was changed in the requested document.
The user data is only updated if the user was authenticated to the system.
- Parameters:
cms
- the current OpenCms user context
session
- the current session
-
updateSessionInfos
public void updateSessionInfos(CmsObject cms)
Updates all session info objects, so that invalid projects are replaced by the Online project.
- Parameters:
cms
- the cms context
-
addSessionInfo
protected void addSessionInfo(CmsSessionInfo sessionInfo)
Adds a new session info into the session storage.
- Parameters:
sessionInfo
- the session info to store for the id
-
getSessionUUID
protected CmsUUID getSessionUUID(java.lang.String sessionId)
Returns the UUID representation for the given session id String.
- Parameters:
sessionId
- the session id String to return the UUID representation for
- Returns:
- the UUID representation for the given session id String
-
initialize
protected void initialize(I_CmsSessionStorageProvider sessionStorageProvider, CmsObject adminCms)
Sets the storage provider.
- Parameters:
sessionStorageProvider
- the storage provider implementation
adminCms
-
-
sessionCreated
protected void sessionCreated(javax.servlet.http.HttpSessionEvent event)
Called by the OpenCmsListener when a http session is created.
- Parameters:
event
- the http session event
- See Also:
HttpSessionListener.sessionCreated(javax.servlet.http.HttpSessionEvent), OpenCmsListener.sessionCreated(HttpSessionEvent)
-
sessionDestroyed
protected void sessionDestroyed(javax.servlet.http.HttpSessionEvent event)
Called by the OpenCmsListener when a http session is destroyed.
- Parameters:
event
- the http session event
- See Also:
HttpSessionListener.sessionDestroyed(javax.servlet.http.HttpSessionEvent), OpenCmsListener.sessionDestroyed(HttpSessionEvent)
-
setUserSessionMode
protected void setUserSessionMode(CmsSystemConfiguration.UserSessionMode userSessionMode)
Sets the user session mode.
- Parameters:
userSessionMode
- the user session mode
-
shutdown
protected void shutdown() throws java.lang.Exception
Removes all stored session info objects.
- Throws:
java.lang.Exception
- if something goes wrong
-
validateSessionInfos
protected void validateSessionInfos()
Validates the sessions stored in this manager and removes any sessions that have become invalidated.
-
-