Package org.hippoecm.hst.core.jcr
Interface SessionSecurityDelegation
public interface SessionSecurityDelegation
Component that has facility methods for creating NON POOLED session (security delegates) that are optionally
logged out automatically at the end of the hst request processing
-
Method Summary
Modifier and TypeMethodDescriptionvoid
cleanupSessionDelegates
(HstRequestContext requestContext) cleans up any sessions that are not yet logged out and were created either throughgetOrCreateLiveSecurityDelegate(javax.jcr.Credentials, String)
, or throughgetOrCreatePreviewSecurityDelegate(javax.jcr.Credentials, String)
or through one of the create methods withautoLogout
set totrue
createLiveSecurityDelegate
(Credentials delegate, boolean autoLogout) createPreviewSecurityDelegate
(Credentials delegate, boolean autoLogout) createSecurityDelegate
(Credentials cred1, Credentials cred2, boolean autoLogout, DomainRuleExtension... domainExtensions) getDelegatedSession
(Credentials creds) getOrCreateLiveSecurityDelegate
(Credentials delegate, String key) Deprecated.getOrCreatePreviewSecurityDelegate
(Credentials delegate, String key) Deprecated.since 13.0.1 and 13.1.0 : UsecreatePreviewSecurityDelegate(Credentials, boolean)
instead.
-
Method Details
-
cleanupSessionDelegates
cleans up any sessions that are not yet logged out and were created either throughgetOrCreateLiveSecurityDelegate(javax.jcr.Credentials, String)
, or throughgetOrCreatePreviewSecurityDelegate(javax.jcr.Credentials, String)
or through one of the create methods withautoLogout
set totrue
- Parameters:
requestContext
-
-
getDelegatedSession
- Returns:
- A non pooled jcr session which is not automatically logged out and is NOT combined with the credentials of any other session: This is a plane delegated repository login, not a security delegate.
- Throws:
RepositoryException
-
getOrCreateLiveSecurityDelegate
@Deprecated Session getOrCreateLiveSecurityDelegate(Credentials delegate, String key) throws RepositoryException, IllegalStateException Deprecated.since 13.0.1 and 13.1.0 : UsecreateLiveSecurityDelegate(Credentials, boolean)
instead. Thekey
parameter is not needed any more since we don't support returning same jcr session based on cachekey any more. Use autologout = true if you replace this method -
createLiveSecurityDelegate
Session createLiveSecurityDelegate(Credentials delegate, boolean autoLogout) throws RepositoryException, IllegalStateException - Parameters:
delegate
- the credentials of theSession
to combine the access with the live sessionautoLogout
- whether the HST should take care of automatically logging out the session at the end of the request- Returns:
- a security delegated session which combines the access control rules for
Session
belonging todelegate
and the normal hst live session credentials with the addition of an extra wildcard domain rule hippo:availability = live - Throws:
RepositoryException
IllegalStateException
- ifsecurityDelegationEnabled
is false or in case the created sessions are not of typeHippoSession
or whenautoLogout
istrue
but there is notHstRequestContext
available
-
getOrCreatePreviewSecurityDelegate
@Deprecated Session getOrCreatePreviewSecurityDelegate(Credentials delegate, String key) throws RepositoryException, IllegalStateException Deprecated.since 13.0.1 and 13.1.0 : UsecreatePreviewSecurityDelegate(Credentials, boolean)
instead. Thekey
parameter is not needed any more since we don't support returning same jcr session based on cachekey any more. Use autologout = true if you replace this method -
createPreviewSecurityDelegate
Session createPreviewSecurityDelegate(Credentials delegate, boolean autoLogout) throws RepositoryException, IllegalStateException - Parameters:
delegate
- the credentials of theSession
to combine the access with the preview sessionautoLogout
- whether the HST should take care of automatically logging out the session at the end of the request- Returns:
- a security delegated session which combines the access control rules for
Session
belonging todelegate
and the normal hst preview session credentials with the addition of an extra wildcard domain rule hippo:availability = preview - Throws:
RepositoryException
IllegalStateException
- ifsecurityDelegationEnabled
is false or in case the created sessions are not of typeHippoSession
or whenautoLogout
istrue
but there is notHstRequestContext
available
-
createSecurityDelegate
Session createSecurityDelegate(Credentials cred1, Credentials cred2, boolean autoLogout, DomainRuleExtension... domainExtensions) throws RepositoryException, IllegalStateException - Parameters:
cred1
- credentials for the firstSession
cred2
- credentials for the secondSession
autoLogout
- whether the HST should take care of automatically logging out the session at the end of the requestdomainExtensions
- optional extra domain rules for the created delegate- Returns:
- a security delegated session which combines the access control rules for
Session
belonging tocred1
andcred2
with the optional addition of custom domain rulesdomainExtensions
- Throws:
RepositoryException
IllegalStateException
- ifsecurityDelegationEnabled
is false or in case the created sessions are not of typeHippoSession
or whenautoLogout
istrue
but there is notHstRequestContext
available
-
createLiveSecurityDelegate(Credentials, boolean)
instead.