public class JwtSessionManager extends GenericHeapObject implements SessionManager
JwtCookieSession
.

    {
        "name": "JwtSession",
        "type": "JwtSession",
        "config": {
            "keystore": "Ref To A KeyStore",
            "alias": "PrivateKey Alias",
            "password": "KeyStore/Key Password",
            "cookieName": "OpenIG",
            "sessionTimeout": "30 minutes"
        }
    }

All the session configuration is optional: if you omit everything, the appropriate keys will be generated and the cookie name used will be JwtCookieSession.OPENIG_JWT_SESSION.
The keystore attribute is an optional attribute that references a KeyStore heap object. It will be used to obtain the required encryption keys. If omitted, the alias and password attributes will also be ignored, and a temporary key pair will be generated.
The alias string attribute specifies the name of the private key to obtain from the KeyStore. It is only required when a keystore is specified.
The password static expression attribute specifies the password to use when reading the private key from the KeyStore. It is only required when a keystore is specified.
The cookieName optional string attribute specifies the name of the cookie used to store the encrypted JWT. If not set, JwtCookieSession.OPENIG_JWT_SESSION is used.
The sessionTimeout optional duration attribute specifies the amount of time before the cookie session expires. If not set, a default of 30 minutes is used. A duration of 0 is not valid, and the duration is limited to a maximum of approximately 10 years.
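
The attribute rules above, written as a small configuration check (an added example, not OpenIG code): it flags a JwtSession heap object that falls back to a temporary key pair, carries attributes that will be ignored, or sets an invalid or over-long sessionTimeout. The function names, the simple duration parser, the 3650-day value used for the maximum and the sample object are assumptions of this example.

```python
import re

# Assumption: only simple "<number> <unit>" durations are handled by this checker.
UNIT_SECONDS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}
DEFAULT_TIMEOUT = "30 minutes"     # documented default
# Assumption: "approx 10 years, leap years not considered" taken as 3650 days.
MAX_TIMEOUT_S = 3650 * 86400

def parse_duration(text):
    """Return seconds for strings such as '30 minutes'; None if not understood."""
    m = re.fullmatch(r"\s*(\d+)\s*([a-z]+?)s?\s*", str(text).lower())
    if not m or m.group(2) not in UNIT_SECONDS:
        return None
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)]

def audit_jwt_session(heap_object):
    """Return (findings, effective_timeout_seconds) for one JwtSession object."""
    cfg = heap_object.get("config") or {}
    findings = []
    if "keystore" not in cfg:
        findings.append("no keystore: a temporary key pair will be generated")
        ignored = sorted(k for k in ("alias", "password") if k in cfg)
        if ignored:
            findings.append("ignored without keystore: " + ", ".join(ignored))
    else:
        for key in ("alias", "password"):
            if not cfg.get(key):
                findings.append(f"{key} is required when keystore is set")
    seconds = parse_duration(cfg.get("sessionTimeout", DEFAULT_TIMEOUT))
    if seconds is None:
        findings.append("sessionTimeout not understood by this checker")
    elif seconds == 0:
        findings.append("sessionTimeout of 0 is not valid")
    elif seconds > MAX_TIMEOUT_S:
        findings.append("sessionTimeout exceeds the maximum and will be limited")
        seconds = MAX_TIMEOUT_S
    return findings, seconds

# Constructed sample object (not taken from a real deployment).
SAMPLE = {"name": "JwtSession", "type": "JwtSession",
          "config": {"alias": "jwe-key", "password": "changeit",
                     "sessionTimeout": "4000 days"}}

if __name__ == "__main__":
    findings, timeout = audit_jwt_session(SAMPLE)
    for line in findings:
        print("-", line)
    print("effective timeout (s):", timeout)
```
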
Modifier and Type | Class and Description |
---|---|
static class | JwtSessionManager.Heaplet: Creates and initializes a jwt-session in a heap environment. |
Modifier and Type | Field and Description |
---|---|
static String | DEFAULT_SESSION_TIMEOUT: Default sessionTimeout duration. |
static Duration | MAX_SESSION_TIMEOUT: The maximum session timeout duration, allows for an expiry time of approx 10 years (does not take leap years into consideration). |
logger, storage
Constructor and Description |
---|
JwtSessionManager(KeyPair keyPair, String cookieName, TimeService timeService, Duration sessionTimeout): Builds a new JwtSessionManager using the given KeyPair for session encryption, storing the opaque result in a cookie with the given name. |
Modifier and Type | Method and Description |
---|---|
Session | load(Request request): Loads a new Session for the given Request. |
void | save(Session session, Response response): Saves the session into the provided response. |
getLogger, getStorage, setLogger, setStorage
public static final String DEFAULT_SESSION_TIMEOUT
public static final Duration MAX_SESSION_TIMEOUT
public JwtSessionManager(KeyPair keyPair, String cookieName, TimeService timeService, Duration sessionTimeout)
Parameters:
keyPair - Private and public keys used for ciphering/deciphering
cookieName - name of the cookie
timeService - TimeService to use when dealing with cookie sessions
sessionTimeout - The duration of the cookie session

public Session load(Request request)
Description copied from interface: SessionManager
Loads a new Session for the given Request. The implementations are free to keep a reference to the Request. The session object is scoped by the Request's own lifecycle.
Specified by:
load in interface SessionManager
Parameters:
request - Request to create a session for.

public void save(Session session, Response response) throws IOException
Description copied from interface: SessionManager
Saves the session into the provided response.
Specified by:
save in interface SessionManager
Parameters:
session - The session to save.
response - The response to save the session to.
Throws:
IOException - If the session could not be saved to the response.

Copyright 2011-2015 ForgeRock AS.