Package org.hippoecm.hst.core.jcr
Interface SessionSecurityDelegation
-
public interface SessionSecurityDelegationComponent that has facility methods for creating NON POOLED session (security delegates) that are optionally logged out automatically at the end of the hst request processing
-
-
Method Summary
All Methods Instance Methods Abstract Methods Deprecated Methods Modifier and Type Method Description voidcleanupSessionDelegates(HstRequestContext requestContext)cleans up any sessions that are not yet logged out and were created either throughgetOrCreateLiveSecurityDelegate(javax.jcr.Credentials, String), or throughgetOrCreatePreviewSecurityDelegate(javax.jcr.Credentials, String)or through one of the create methods withautoLogoutset totruejavax.jcr.SessioncreateLiveSecurityDelegate(javax.jcr.Credentials delegate, boolean autoLogout)javax.jcr.SessioncreatePreviewSecurityDelegate(javax.jcr.Credentials delegate, boolean autoLogout)javax.jcr.SessioncreateSecurityDelegate(javax.jcr.Credentials cred1, javax.jcr.Credentials cred2, boolean autoLogout, DomainRuleExtension... domainExtensions)javax.jcr.SessiongetDelegatedSession(javax.jcr.Credentials creds)javax.jcr.SessiongetOrCreateLiveSecurityDelegate(javax.jcr.Credentials delegate, String key)Deprecated.since 13.0.1 and 13.1.0 : UsecreateLiveSecurityDelegate(Credentials, boolean)instead.javax.jcr.SessiongetOrCreatePreviewSecurityDelegate(javax.jcr.Credentials delegate, String key)Deprecated.since 13.0.1 and 13.1.0 : UsecreatePreviewSecurityDelegate(Credentials, boolean)instead.
-
-
-
Method Detail
-
cleanupSessionDelegates
void cleanupSessionDelegates(HstRequestContext requestContext)
cleans up any sessions that are not yet logged out and were created either throughgetOrCreateLiveSecurityDelegate(javax.jcr.Credentials, String), or throughgetOrCreatePreviewSecurityDelegate(javax.jcr.Credentials, String)or through one of the create methods withautoLogoutset totrue- Parameters:
requestContext-
-
getDelegatedSession
javax.jcr.Session getDelegatedSession(javax.jcr.Credentials creds) throws javax.jcr.RepositoryException- Returns:
- A non pooled jcr session which is not automatically logged out and is NOT combined with the credentials of any other session: This is a plane delegated repository login, not a security delegate.
- Throws:
javax.jcr.RepositoryException
-
getOrCreateLiveSecurityDelegate
@Deprecated javax.jcr.Session getOrCreateLiveSecurityDelegate(javax.jcr.Credentials delegate, String key) throws javax.jcr.RepositoryException, IllegalStateException
Deprecated.since 13.0.1 and 13.1.0 : UsecreateLiveSecurityDelegate(Credentials, boolean)instead. Thekeyparameter is not needed any more since we don't support returning same jcr session based on cachekey any more. Use autologout = true if you replace this method- Throws:
javax.jcr.RepositoryExceptionIllegalStateException
-
createLiveSecurityDelegate
javax.jcr.Session createLiveSecurityDelegate(javax.jcr.Credentials delegate, boolean autoLogout) throws javax.jcr.RepositoryException, IllegalStateException- Parameters:
delegate- the credentials of theSessionto combine the access with the live sessionautoLogout- whether the HST should take care of automatically logging out the session at the end of the request- Returns:
- a security delegated session which combines the access control rules for
Sessionbelonging todelegateand the normal hst live session credentials with the addition of an extra wildcard domain rule hippo:availability = live - Throws:
javax.jcr.RepositoryExceptionIllegalStateException- ifsecurityDelegationEnabledis false or in case the created sessions are not of typeHippoSessionor whenautoLogoutistruebut there is notHstRequestContextavailable
-
getOrCreatePreviewSecurityDelegate
@Deprecated javax.jcr.Session getOrCreatePreviewSecurityDelegate(javax.jcr.Credentials delegate, String key) throws javax.jcr.RepositoryException, IllegalStateException
Deprecated.since 13.0.1 and 13.1.0 : UsecreatePreviewSecurityDelegate(Credentials, boolean)instead. Thekeyparameter is not needed any more since we don't support returning same jcr session based on cachekey any more. Use autologout = true if you replace this method- Throws:
javax.jcr.RepositoryExceptionIllegalStateException
-
createPreviewSecurityDelegate
javax.jcr.Session createPreviewSecurityDelegate(javax.jcr.Credentials delegate, boolean autoLogout) throws javax.jcr.RepositoryException, IllegalStateException- Parameters:
delegate- the credentials of theSessionto combine the access with the preview sessionautoLogout- whether the HST should take care of automatically logging out the session at the end of the request- Returns:
- a security delegated session which combines the access control rules for
Sessionbelonging todelegateand the normal hst preview session credentials with the addition of an extra wildcard domain rule hippo:availability = preview - Throws:
javax.jcr.RepositoryExceptionIllegalStateException- ifsecurityDelegationEnabledis false or in case the created sessions are not of typeHippoSessionor whenautoLogoutistruebut there is notHstRequestContextavailable
-
createSecurityDelegate
javax.jcr.Session createSecurityDelegate(javax.jcr.Credentials cred1, javax.jcr.Credentials cred2, boolean autoLogout, DomainRuleExtension... domainExtensions) throws javax.jcr.RepositoryException, IllegalStateException- Parameters:
cred1- credentials for the firstSessioncred2- credentials for the secondSessionautoLogout- whether the HST should take care of automatically logging out the session at the end of the requestdomainExtensions- optional extra domain rules for the created delegate- Returns:
- a security delegated session which combines the access control rules for
Sessionbelonging tocred1andcred2with the optional addition of custom domain rulesdomainExtensions - Throws:
javax.jcr.RepositoryExceptionIllegalStateException- ifsecurityDelegationEnabledis false or in case the created sessions are not of typeHippoSessionor whenautoLogoutistruebut there is notHstRequestContextavailable
-
-