Class CmsSessionManager

java.lang.Object
org.opencms.main.CmsSessionManager

public class CmsSessionManager extends Object
Keeps track of the sessions running on the OpenCms server and provides a session info storage which is used to get an overview about currently authenticated OpenCms users, as well as sending broadcasts between users.

For each authenticated OpenCms user, a CmsSessionInfo object holds the information about the user's status.

When a user session is invalidated, the user info will be removed. This happens when a user logs out, or when his session times out.

Please Note: The current implementation does not provide any permission checking, so all users can access the methods of this manager. Permission checking based on the current user's OpenCms context may be added in a future OpenCms release.
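
Because the manager does not check permissions itself, code that exposes session data can verify the caller's role first. The following is an added example, not code from OpenCms or from this page: the class `SessionAudit`, the method `usersOverLimit` and the parameter `maxSessions` are hypothetical, and `OpenCms.getSessionManager()`, `OpenCms.getRoleManager().checkRole(...)`, `CmsRole.ACCOUNT_MANAGER` and `CmsSessionInfo.getUserId()` are OpenCms APIs that are not documented on this page. The role chosen mirrors the "account manager" requirement stated for `killSession(CmsObject, CmsUUID)`.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.opencms.file.CmsObject;
import org.opencms.main.CmsSessionInfo;
import org.opencms.main.CmsSessionManager;
import org.opencms.main.OpenCms;
import org.opencms.security.CmsRole;
import org.opencms.security.CmsRoleViolationException;
import org.opencms.util.CmsUUID;

/** Hypothetical helper (not part of OpenCms): role-gated session overview. */
public final class SessionAudit {

    private SessionAudit() {}

    /**
     * Groups the stored session infos by user id and returns only the users
     * holding more than maxSessions sessions at the same time.
     *
     * @param cms the OpenCms context of the calling user
     * @param maxSessions the number of concurrent sessions considered normal
     * @return user id to session infos, for users above the threshold
     * @throws CmsRoleViolationException if the caller is not an account manager
     */
    public static Map<CmsUUID, List<CmsSessionInfo>> usersOverLimit(CmsObject cms, int maxSessions)
    throws CmsRoleViolationException {

        // The session manager performs no permission checking, so the
        // caller's role is verified before any session data is read.
        OpenCms.getRoleManager().checkRole(cms, CmsRole.ACCOUNT_MANAGER);

        CmsSessionManager manager = OpenCms.getSessionManager();
        Map<CmsUUID, List<CmsSessionInfo>> byUser = new HashMap<>();
        for (CmsSessionInfo info : manager.getSessionInfos()) {
            byUser.computeIfAbsent(info.getUserId(), id -> new ArrayList<>()).add(info);
        }
        // Drop users at or below the threshold; what remains are accounts
        // with many parallel sessions (shared logins, several browsers).
        byUser.values().removeIf(sessions -> sessions.size() <= maxSessions);
        return byUser;
    }
}
```

The returned map can be reviewed by an administrator before any session is ended with `killSession`.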

Since:
6.0.0
  • Constructor Details

    • CmsSessionManager

      protected CmsSessionManager()
      Creates a new instance of the OpenCms session manager.

  • Method Details

    • checkCreateSessionForUser

      public void checkCreateSessionForUser(CmsUser user) throws CmsException
      Checks whether a new session can be created for the user, and throws an exception if not.

      Parameters:
      user - the user to check
      Throws:
      CmsException - if no new session for the user can be created
    • getBroadcastQueue

      public org.apache.commons.collections.Buffer getBroadcastQueue(String sessionId)
      Returns the broadcast queue for the given OpenCms session id.

      Parameters:
      sessionId - the OpenCms session id to get the broadcast queue for
      Returns:
      the broadcast queue for the given OpenCms session id
    • getSessionCountAuthenticated

      Returns the number of sessions currently authenticated in the OpenCms security system.

      Returns:
      the number of sessions currently authenticated in the OpenCms security system
    • getSessionCountCurrent

      public int getSessionCountCurrent()
      Returns the number of current sessions, including the sessions of not authenticated guest users.

      Returns:
      the number of current sessions, including the sessions of not authenticated guest users
    • getSessionCountTotal

      public int getSessionCountTotal()
      Returns the number of total sessions generated so far, including already destroyed sessions.

      Returns:
      the number of total sessions generated so far, including already destroyed sessions
    • getSessionInfo

      Returns the complete user session info of a user from the session storage, or null if this session id has no session info attached.

      Parameters:
      sessionId - the OpenCms session id to return the session info for
      Returns:
      the complete user session info of a user from the session storage
    • getSessionInfo

      public CmsSessionInfo getSessionInfo(javax.servlet.http.HttpServletRequest req)
      Returns the OpenCms user session info for the given request, or null if no user session is available.

      Parameters:
      req - the current request
      Returns:
      the OpenCms user session info for the given request, or null if no user session is available
    • getSessionInfo

      public CmsSessionInfo getSessionInfo(javax.servlet.http.HttpSession session)
      Returns the OpenCms user session info for the given http session, or null if no user session is available.

      Parameters:
      session - the current http session
      Returns:
      the OpenCms user session info for the given http session, or null if no user session is available
    • getSessionInfo

      public CmsSessionInfo getSessionInfo(String sessionId)
      Returns the complete user session info of a user from the session storage, or null if this session id has no session info attached.

      Parameters:
      sessionId - the OpenCms session id to return the session info for, this must be a String representation of a CmsUUID
      Returns:
      the complete user session info of a user from the session storage
    • getSessionInfos

      Returns all current session info objects.

      Returns:
      all current session info objects
    • getSessionInfos

      Returns a list of all active session info objects for the specified user.

      An OpenCms user can have many active sessions. This is possible, for example, when two people have logged in to the system using the same username. Even one person can have multiple sessions if he is logged in to OpenCms with several browser windows at the same time.

      Parameters:
      userId - the id of the user
      Returns:
      a list of all active session info objects for the specified user
    • getUserSessionMode

      Gets the user session mode.

      Returns:
      the user session mode
    • hasValidClientToken

      public boolean hasValidClientToken(javax.servlet.http.HttpServletRequest req)
      Returns whether the current request has a valid client token.

      Used to prevent session hijacking.

      Parameters:
      req - the current request
      Returns:
      true in case the request has a valid token
    • killSession

      public void killSession(CmsObject cms, CmsUser user) throws CmsException
      Kills all sessions for the given user.

      Parameters:
      cms - the current CMS context
      user - the user for whom the sessions should be killed
      Throws:
      CmsException - if something goes wrong
    • killSession

      public void killSession(CmsObject cms, CmsUUID sessionid) throws CmsException
      Destroys a session given the session id. Only allowed for users who have the "account manager" role.

      Parameters:
      cms - the current CMS context
      sessionid - the session id
      Throws:
      CmsException - if something goes wrong
    • sendBroadcast

      @Deprecated public void sendBroadcast(CmsObject cms, String message)
      Deprecated.
      Sends a broadcast to all sessions of all currently authenticated users.

      Parameters:
      cms - the OpenCms user context of the user sending the broadcast
      message - the message to broadcast
    • sendBroadcast

      @Deprecated public void sendBroadcast(CmsObject cms, String message, boolean repeat)
      Deprecated.
      Sends a broadcast to all sessions of all currently authenticated users.

      Parameters:
      cms - the OpenCms user context of the user sending the broadcast
      message - the message to broadcast
      repeat - repeat this message
    • sendBroadcast

      public void sendBroadcast(CmsObject cms, String message, boolean repeat, CmsBroadcast.ContentMode mode)
      Sends a broadcast to all sessions of all currently authenticated users.

      Parameters:
      cms - the OpenCms user context of the user sending the broadcast
      message - the message to broadcast
      repeat - repeat this message
      mode - the content mode to use
    • sendBroadcast

      public void sendBroadcast(CmsObject cms, String message, CmsBroadcast.ContentMode mode)
      Sends a broadcast to all sessions of all currently authenticated users.

      Parameters:
      cms - the OpenCms user context of the user sending the broadcast
      message - the message to broadcast
      mode - the content mode
    • sendBroadcast

      @Deprecated public void sendBroadcast(CmsObject cms, String message, String sessionId)
      Deprecated.
      Sends a broadcast to the specified user session.

      Parameters:
      cms - the OpenCms user context of the user sending the broadcast
      message - the message to broadcast
      sessionId - the OpenCms session uuid target (receiver) of the broadcast
    • sendBroadcast

      @Deprecated public void sendBroadcast(CmsObject cms, String message, String sessionId, boolean repeat)
      Deprecated.
      Sends a broadcast to the specified user session.

      Parameters:
      cms - the OpenCms user context of the user sending the broadcast
      message - the message to broadcast
      sessionId - the OpenCms session uuid target (receiver) of the broadcast
      repeat - repeat this message
    • sendBroadcast

      public void sendBroadcast(CmsObject cms, String message, String sessionId, boolean repeat, CmsBroadcast.ContentMode mode)
      Sends a broadcast to the specified user session.

      Parameters:
      cms - the OpenCms user context of the user sending the broadcast
      message - the message to broadcast
      sessionId - the OpenCms session uuid target (receiver) of the broadcast
      repeat - repeat this message
      mode - the content mode to use
    • sendBroadcast

      public void sendBroadcast(CmsObject cms, String message, String sessionId, CmsBroadcast.ContentMode mode)
      Sends a broadcast to the specified user session.

      Parameters:
      cms - the OpenCms user context of the user sending the broadcast
      message - the message to broadcast
      sessionId - the OpenCms session uuid target (receiver) of the broadcast
      mode - the content mode to use
    • sendBroadcast

      @Deprecated public void sendBroadcast(CmsUser fromUser, String message, CmsUser toUser)
      Deprecated.
      Sends a broadcast to all sessions of a given user.

      The user sending the message may be a real user like cms.getRequestContext().currentUser() or null for a system message.

      Parameters:
      fromUser - the user sending the broadcast
      message - the message to broadcast
      toUser - the target (receiver) of the broadcast
    • sendBroadcast

      public void sendBroadcast(CmsUser fromUser, String message, CmsUser toUser, CmsBroadcast.ContentMode mode)
      Sends a broadcast to all sessions of a given user.

      The user sending the message may be a real user like cms.getRequestContext().currentUser() or null for a system message.

      Parameters:
      fromUser - the user sending the broadcast
      message - the message to broadcast
      toUser - the target (receiver) of the broadcast
      mode - the content mode to use
    • switchUser

      public String switchUser(CmsObject cms, javax.servlet.http.HttpServletRequest req, CmsUser user) throws CmsException
      Switches the current user to the given user. The session info is rebuilt as if the given user performs a login at the workplace.
      Parameters:
      cms - the current CmsObject
      req - the current request
      user - the user to switch to
      Returns:
      the direct edit target if available
      Throws:
      CmsException - if something goes wrong
    • switchUserFromSession

      public String switchUserFromSession(CmsObject cms, javax.servlet.http.HttpServletRequest req, CmsUser user, CmsSessionInfo sessionInfo) throws CmsException
      Switches the current user to the given user. The session info is rebuilt as if the given user performs a login at the workplace.
      Parameters:
      cms - the current CmsObject
      req - the current request
      user - the user to switch to
      sessionInfo - to switch to a currently logged in user using the same session state
      Returns:
      the direct edit target if available
      Throws:
      CmsException - if something goes wrong
    • toString

      public String toString()
      Overrides:
      toString in class Object
    • updateSessionInfo

      public void updateSessionInfo(CmsObject cms, javax.servlet.http.HttpServletRequest req)
      Updates the OpenCms session data used for quick authentication of users.

      This is required if the user data (current group or project) was changed in the requested document.

      The user data is only updated if the user was authenticated to the system.

      Parameters:
      cms - the current OpenCms user context
      req - the current request
    • updateSessionInfo

      public void updateSessionInfo(CmsObject cms, javax.servlet.http.HttpServletRequest req, boolean isHeartBeatRequest)
      Updates the OpenCms session data used for quick authentication of users.

      This is required if the user data (current group or project) was changed in the requested document.

      The user data is only updated if the user was authenticated to the system.

      Parameters:
      cms - the current OpenCms user context
      req - the current request
      isHeartBeatRequest - in case of heart beat requests
    • updateSessionInfo

      public void updateSessionInfo(CmsObject cms, javax.servlet.http.HttpSession session)
      Updates the OpenCms session data used for quick authentication of users.

      This is required if the user data (current group or project) was changed in the requested document.

      The user data is only updated if the user was authenticated to the system.

      Parameters:
      cms - the current OpenCms user context
      session - the current session
    • updateSessionInfos

      public void updateSessionInfos(CmsObject cms)
      Updates all session info objects, so that invalid projects are replaced by the Online project.

      Parameters:
      cms - the cms context
    • addSessionInfo

      protected void addSessionInfo(CmsSessionInfo sessionInfo)
      Adds a new session info into the session storage.

      Parameters:
      sessionInfo - the session info to store for the id
    • getSessionUUID

      protected CmsUUID getSessionUUID(String sessionId)
      Returns the UUID representation for the given session id String.

      Parameters:
      sessionId - the session id String to return the UUID representation for
      Returns:
      the UUID representation for the given session id String
    • initialize

      protected void initialize(I_CmsSessionStorageProvider sessionStorageProvider, CmsObject adminCms)
      Sets the storage provider.

      Parameters:
      sessionStorageProvider - the storage provider implementation
      adminCms -
    • sessionCreated

      protected void sessionCreated(javax.servlet.http.HttpSessionEvent event)
      Called by the OpenCmsListener when a http session is created.

      Parameters:
      event - the http session event
    • sessionDestroyed

      protected void sessionDestroyed(javax.servlet.http.HttpSessionEvent event)
      Called by the OpenCmsListener when a http session is destroyed.

      Parameters:
      event - the http session event
    • setUserSessionMode

      Sets the user session mode.

      Parameters:
      userSessionMode - the user session mode
    • shutdown

      protected void shutdown() throws Exception
      Removes all stored session info objects.

      Throws:
      Exception - if something goes wrong
    • validateSessionInfos

      protected void validateSessionInfos()
      Validates the sessions stored in this manager and removes any sessions that have become invalidated.