Class CmsSessionManager


  • public class CmsSessionManager
    extends java.lang.Object
    Keeps track of the sessions running on the OpenCms server and provides a session info storage which is used to get an overview about currently authenticated OpenCms users, as well as sending broadcasts between users.

    For each authenticated OpenCms user, a CmsSessionInfo object holds the information about the user's status.

    When a user session is invalidated, the user info will be removed. This happens when a user logs out, or when the session times out.

    Please Note: The current implementation does not provide any permission checking, so all users can access the methods of this manager. Permission checking based on the current user's OpenCms context may be added in a future OpenCms release.

    Since:
    6.0.0
    • Constructor Detail

      • CmsSessionManager

        protected CmsSessionManager()
        Creates a new instance of the OpenCms session manager.

    • Method Detail

      • checkCreateSessionForUser

        public void checkCreateSessionForUser​(CmsUser user)
                                       throws CmsException
        Checks whether a new session can be created for the user, and throws an exception if not.

        Parameters:
        user - the user to check
        Throws:
        CmsException - if no new session can be created for the user
      • getBroadcastQueue

        public org.apache.commons.collections.Buffer getBroadcastQueue​(java.lang.String sessionId)
        Returns the broadcast queue for the given OpenCms session id.

        Parameters:
        sessionId - the OpenCms session id to get the broadcast queue for
        Returns:
        the broadcast queue for the given OpenCms session id
      • getSessionCountAuthenticated

        public int getSessionCountAuthenticated()
        Returns the number of sessions currently authenticated in the OpenCms security system.

        Returns:
        the number of sessions currently authenticated in the OpenCms security system
      • getSessionCountCurrent

        public int getSessionCountCurrent()
        Returns the number of current sessions, including the sessions of not authenticated guest users.

        Returns:
        the number of current sessions, including the sessions of not authenticated guest users
      • getSessionCountTotal

        public int getSessionCountTotal()
        Returns the number of total sessions generated so far, including already destroyed sessions.

        Returns:
        the number of total sessions generated so far, including already destroyed sessions
      • getSessionInfo

        public CmsSessionInfo getSessionInfo​(CmsUUID sessionId)
        Returns the complete user session info of a user from the session storage, or null if this session id has no session info attached.

        Parameters:
        sessionId - the OpenCms session id to return the session info for
        Returns:
        the complete user session info of a user from the session storage
      • getSessionInfo

        public CmsSessionInfo getSessionInfo​(javax.servlet.http.HttpServletRequest req)
        Returns the OpenCms user session info for the given request, or null if no user session is available.

        Parameters:
        req - the current request
        Returns:
        the OpenCms user session info for the given request, or null if no user session is available
      • getSessionInfo

        public CmsSessionInfo getSessionInfo​(javax.servlet.http.HttpSession session)
        Returns the OpenCms user session info for the given http session, or null if no user session is available.

        Parameters:
        session - the current http session
        Returns:
        the OpenCms user session info for the given http session, or null if no user session is available
      • getSessionInfo

        public CmsSessionInfo getSessionInfo​(java.lang.String sessionId)
        Returns the complete user session info of a user from the session storage, or null if this session id has no session info attached.

        Parameters:
        sessionId - the OpenCms session id to return the session info for, this must be a String representation of a CmsUUID
        Returns:
        the complete user session info of a user from the session storage
        See Also:
        getSessionInfo(CmsUUID)
      • getSessionInfos

        public java.util.List<CmsSessionInfo> getSessionInfos()
        Returns all current session info objects.

        Returns:
        all current session info objects
      • getSessionInfos

        public java.util.List<CmsSessionInfo> getSessionInfos(CmsUUID userId)
        Returns a list of all active session info objects for the specified user.

        An OpenCms user can have many active sessions. This is possible, for example, when two people have logged in to the system using the same username. A single person can also have multiple sessions when logged in to OpenCms from several browser windows at the same time.

        Parameters:
        userId - the id of the user
        Returns:
        a list of all active session info objects for the specified user
      • hasValidClientToken

        public boolean hasValidClientToken​(javax.servlet.http.HttpServletRequest req)
        Returns whether the current request has a valid client token.

        Used to prevent session hijacking.

        Parameters:
        req - the current request
        Returns:
        true in case the request has a valid token
      • killSession

        public void killSession​(CmsObject cms,
                                CmsUser user)
                         throws CmsException
        Kills all sessions for the given user.

        Parameters:
        cms - the current CMS context
        user - the user for whom the sessions should be killed
        Throws:
        CmsException - if something goes wrong
      • killSession

        public void killSession​(CmsObject cms,
                                CmsUUID sessionid)
                         throws CmsException
        Destroys a session given the session id. Only allowed for users who have the "account manager" role.

        Parameters:
        cms - the current CMS context
        sessionid - the session id
        Throws:
        CmsException - if something goes wrong
      • sendBroadcast

        @Deprecated
        public void sendBroadcast​(CmsObject cms,
                                  java.lang.String message)
        Deprecated.
        Sends a broadcast to all sessions of all currently authenticated users.

        Parameters:
        cms - the OpenCms user context of the user sending the broadcast
        message - the message to broadcast
      • sendBroadcast

        @Deprecated
        public void sendBroadcast​(CmsObject cms,
                                  java.lang.String message,
                                  boolean repeat)
        Deprecated.
        Sends a broadcast to all sessions of all currently authenticated users.

        Parameters:
        cms - the OpenCms user context of the user sending the broadcast
        message - the message to broadcast
        repeat - repeat this message
      • sendBroadcast

        public void sendBroadcast​(CmsObject cms,
                                  java.lang.String message,
                                  boolean repeat,
                                  CmsBroadcast.ContentMode mode)
        Sends a broadcast to all sessions of all currently authenticated users.

        Parameters:
        cms - the OpenCms user context of the user sending the broadcast
        message - the message to broadcast
        repeat - repeat this message
        mode - the content mode to use
      • sendBroadcast

        public void sendBroadcast​(CmsObject cms,
                                  java.lang.String message,
                                  CmsBroadcast.ContentMode mode)
        Sends a broadcast to all sessions of all currently authenticated users.

        Parameters:
        cms - the OpenCms user context of the user sending the broadcast
        message - the message to broadcast
        mode - the content mode
      • sendBroadcast

        @Deprecated
        public void sendBroadcast​(CmsObject cms,
                                  java.lang.String message,
                                  java.lang.String sessionId)
        Deprecated.
        Sends a broadcast to the specified user session.

        Parameters:
        cms - the OpenCms user context of the user sending the broadcast
        message - the message to broadcast
        sessionId - the OpenCms session uuid target (receiver) of the broadcast
      • sendBroadcast

        @Deprecated
        public void sendBroadcast​(CmsObject cms,
                                  java.lang.String message,
                                  java.lang.String sessionId,
                                  boolean repeat)
        Deprecated.
        Sends a broadcast to the specified user session.

        Parameters:
        cms - the OpenCms user context of the user sending the broadcast
        message - the message to broadcast
        sessionId - the OpenCms session uuid target (receiver) of the broadcast
        repeat - repeat this message
      • sendBroadcast

        public void sendBroadcast​(CmsObject cms,
                                  java.lang.String message,
                                  java.lang.String sessionId,
                                  boolean repeat,
                                  CmsBroadcast.ContentMode mode)
        Sends a broadcast to the specified user session.

        Parameters:
        cms - the OpenCms user context of the user sending the broadcast
        message - the message to broadcast
        sessionId - the OpenCms session uuid target (receiver) of the broadcast
        repeat - repeat this message
        mode - the content mode to use
      • sendBroadcast

        public void sendBroadcast​(CmsObject cms,
                                  java.lang.String message,
                                  java.lang.String sessionId,
                                  CmsBroadcast.ContentMode mode)
        Sends a broadcast to the specified user session.

        Parameters:
        cms - the OpenCms user context of the user sending the broadcast
        message - the message to broadcast
        sessionId - the OpenCms session uuid target (receiver) of the broadcast
        mode - the content mode to use
      • sendBroadcast

        @Deprecated
        public void sendBroadcast​(CmsUser fromUser,
                                  java.lang.String message,
                                  CmsUser toUser)
        Deprecated.
        Sends a broadcast to all sessions of a given user.

        The user sending the message may be a real user like cms.getRequestContext().currentUser() or null for a system message.

        Parameters:
        fromUser - the user sending the broadcast
        message - the message to broadcast
        toUser - the target (receiver) of the broadcast
      • sendBroadcast

        public void sendBroadcast​(CmsUser fromUser,
                                  java.lang.String message,
                                  CmsUser toUser,
                                  CmsBroadcast.ContentMode mode)
        Sends a broadcast to all sessions of a given user.

        The user sending the message may be a real user like cms.getRequestContext().currentUser() or null for a system message.

        Parameters:
        fromUser - the user sending the broadcast
        message - the message to broadcast
        toUser - the target (receiver) of the broadcast
        mode - the content mode to use
      • switchUser

        public java.lang.String switchUser​(CmsObject cms,
                                           javax.servlet.http.HttpServletRequest req,
                                           CmsUser user)
                                    throws CmsException
        Switches the current user to the given user. The session info is rebuilt as if the given user performs a login at the workplace.
        Parameters:
        cms - the current CmsObject
        req - the current request
        user - the user to switch to
        Returns:
        the direct edit target if available
        Throws:
        CmsException - if something goes wrong
      • switchUserFromSession

        public java.lang.String switchUserFromSession​(CmsObject cms,
                                                      javax.servlet.http.HttpServletRequest req,
                                                      CmsUser user,
                                                      CmsSessionInfo sessionInfo)
                                               throws CmsException
        Switches the current user to the given user. The session info is rebuilt as if the given user performs a login at the workplace.
        Parameters:
        cms - the current CmsObject
        req - the current request
        user - the user to switch to
        sessionInfo - to switch to a currently logged in user using the same session state
        Returns:
        the direct edit target if available
        Throws:
        CmsException - if something goes wrong
      • toString

        public java.lang.String toString()
        Overrides:
        toString in class java.lang.Object
        See Also:
        Object.toString()
      • updateSessionInfo

        public void updateSessionInfo​(CmsObject cms,
                                      javax.servlet.http.HttpServletRequest req)
        Updates the OpenCms session data used for quick authentication of users.

        This is required if the user data (current group or project) was changed in the requested document.

        The user data is only updated if the user was authenticated to the system.

        Parameters:
        cms - the current OpenCms user context
        req - the current request
      • updateSessionInfo

        public void updateSessionInfo​(CmsObject cms,
                                      javax.servlet.http.HttpServletRequest req,
                                      boolean isHeartBeatRequest)
        Updates the OpenCms session data used for quick authentication of users.

        This is required if the user data (current group or project) was changed in the requested document.

        The user data is only updated if the user was authenticated to the system.

        Parameters:
        cms - the current OpenCms user context
        req - the current request
        isHeartBeatRequest - in case of heart beat requests
      • updateSessionInfo

        public void updateSessionInfo​(CmsObject cms,
                                      javax.servlet.http.HttpSession session)
        Updates the OpenCms session data used for quick authentication of users.

        This is required if the user data (current group or project) was changed in the requested document.

        The user data is only updated if the user was authenticated to the system.

        Parameters:
        cms - the current OpenCms user context
        session - the current session
      • updateSessionInfos

        public void updateSessionInfos​(CmsObject cms)
        Updates all session info objects, so that invalid projects are replaced by the Online project.

        Parameters:
        cms - the cms context
      • addSessionInfo

        protected void addSessionInfo​(CmsSessionInfo sessionInfo)
        Adds a new session info into the session storage.

        Parameters:
        sessionInfo - the session info to store for the id
      • getSessionUUID

        protected CmsUUID getSessionUUID​(java.lang.String sessionId)
        Returns the UUID representation for the given session id String.

        Parameters:
        sessionId - the session id String to return the UUID representation for
        Returns:
        the UUID representation for the given session id String
      • shutdown

        protected void shutdown()
                         throws java.lang.Exception
        Removes all stored session info objects.

        Throws:
        java.lang.Exception - if something goes wrong
      • validateSessionInfos

        protected void validateSessionInfos()
        Validates the sessions stored in this manager and removes any sessions that have become invalidated.
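
Added example, not part of the OpenCms documentation or code base: revoking every session of one account (for instance after a suspected credential compromise) with getSessionInfos(CmsUUID) and killSession(CmsObject, CmsUser) as documented above. The class SessionRevocation and its method are hypothetical; it assumes the manager is obtained through OpenCms.getSessionManager() and that adminCms belongs to a user permitted to kill sessions.

```java
import java.util.List;

import org.opencms.file.CmsObject;
import org.opencms.file.CmsUser;
import org.opencms.main.CmsException;
import org.opencms.main.CmsSessionInfo;
import org.opencms.main.CmsSessionManager;
import org.opencms.main.OpenCms;

/** Hypothetical helper (not part of OpenCms): revoke every session of one account. */
public final class SessionRevocation {

    private SessionRevocation() {}

    /**
     * Kills all sessions of the given user and reports what was found.
     *
     * @param adminCms context assumed to belong to a user allowed to kill sessions
     * @param user the account whose sessions are revoked
     * @return int[]{sessions seen before the kill, sessions still listed afterwards}
     * @throws CmsException if the session manager rejects or fails the kill
     */
    public static int[] revokeAllSessions(CmsObject adminCms, CmsUser user) throws CmsException {
        CmsSessionManager manager = OpenCms.getSessionManager();

        // One account can hold several sessions (shared login, several browser
        // windows), so count them all rather than assuming one session per user.
        List<CmsSessionInfo> before = manager.getSessionInfos(user.getId());
        if (before.isEmpty()) {
            return new int[] {0, 0};
        }

        manager.killSession(adminCms, user);

        // Re-query: anything still listed is either a session that was not removed
        // or a fresh login made after the kill. Both are worth a log entry.
        List<CmsSessionInfo> after = manager.getSessionInfos(user.getId());
        return new int[] {before.size(), after.size()};
    }
}
```

A non-zero second value means the account still has live sessions, so the caller should log it and re-run the revocation once the account's credentials have been changed.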