Package org.hippoecm.hst.core.jcr
Interface SessionSecurityDelegation
-
public interface SessionSecurityDelegationComponent that has facility methods for creating NON POOLED session (security delegates) that are optionally logged out automatically at the end of the hst request processing
-
-
Method Summary
-
-
-
Method Detail
-
cleanupSessionDelegates
void cleanupSessionDelegates(HstRequestContext requestContext)
cleans up any sessions that are not yet logged out and were created either throughgetOrCreateLiveSecurityDelegate(javax.jcr.Credentials, String), or throughgetOrCreatePreviewSecurityDelegate(javax.jcr.Credentials, String)or through one of the create methods withautoLogoutset totrue- Parameters:
requestContext-
-
getDelegatedSession
Session getDelegatedSession(Credentials creds) throws RepositoryException
- Returns:
- A non pooled jcr session which is not automatically logged out and is NOT combined with the credentials of any other session: This is a plane delegated repository login, not a security delegate.
- Throws:
RepositoryException
-
getOrCreateLiveSecurityDelegate
@Deprecated Session getOrCreateLiveSecurityDelegate(Credentials delegate, String key) throws RepositoryException, IllegalStateException
Deprecated.since 13.0.1 and 13.1.0 : UsecreateLiveSecurityDelegate(Credentials, boolean)instead. Thekeyparameter is not needed any more since we don't support returning same jcr session based on cachekey any more. Use autologout = true if you replace this method
-
createLiveSecurityDelegate
Session createLiveSecurityDelegate(Credentials delegate, boolean autoLogout) throws RepositoryException, IllegalStateException
- Parameters:
delegate- the credentials of theSessionto combine the access with the live sessionautoLogout- whether the HST should take care of automatically logging out the session at the end of the request- Returns:
- a security delegated session which combines the access control rules for
Sessionbelonging todelegateand the normal hst live session credentials with the addition of an extra wildcard domain rule hippo:availability = live - Throws:
RepositoryExceptionIllegalStateException- ifsecurityDelegationEnabledis false or in case the created sessions are not of typeHippoSessionor whenautoLogoutistruebut there is notHstRequestContextavailable
-
getOrCreatePreviewSecurityDelegate
@Deprecated Session getOrCreatePreviewSecurityDelegate(Credentials delegate, String key) throws RepositoryException, IllegalStateException
Deprecated.since 13.0.1 and 13.1.0 : UsecreatePreviewSecurityDelegate(Credentials, boolean)instead. Thekeyparameter is not needed any more since we don't support returning same jcr session based on cachekey any more. Use autologout = true if you replace this method
-
createPreviewSecurityDelegate
Session createPreviewSecurityDelegate(Credentials delegate, boolean autoLogout) throws RepositoryException, IllegalStateException
- Parameters:
delegate- the credentials of theSessionto combine the access with the preview sessionautoLogout- whether the HST should take care of automatically logging out the session at the end of the request- Returns:
- a security delegated session which combines the access control rules for
Sessionbelonging todelegateand the normal hst preview session credentials with the addition of an extra wildcard domain rule hippo:availability = preview - Throws:
RepositoryExceptionIllegalStateException- ifsecurityDelegationEnabledis false or in case the created sessions are not of typeHippoSessionor whenautoLogoutistruebut there is notHstRequestContextavailable
-
createSecurityDelegate
Session createSecurityDelegate(Credentials cred1, Credentials cred2, boolean autoLogout, DomainRuleExtension... domainExtensions) throws RepositoryException, IllegalStateException
- Parameters:
cred1- credentials for the firstSessioncred2- credentials for the secondSessionautoLogout- whether the HST should take care of automatically logging out the session at the end of the requestdomainExtensions- optional extra domain rules for the created delegate- Returns:
- a security delegated session which combines the access control rules for
Sessionbelonging tocred1andcred2with the optional addition of custom domain rulesdomainExtensions - Throws:
RepositoryExceptionIllegalStateException- ifsecurityDelegationEnabledis false or in case the created sessions are not of typeHippoSessionor whenautoLogoutistruebut there is notHstRequestContextavailable
-
-