com.bea.p13n.usermgmt
Class SessionHelper

java.lang.Object
  com.bea.p13n.usermgmt.SessionHelper

public class SessionHelper
extends Object

Field Summary

static String	LOGIN_UID Constant to indicate user has logged in with a valid user id
static String	PROFILE_WRAPPER constant to look up the current profile wrapper

Constructor Summary

SessionHelper()

Method Summary

static void	bindProfile(javax.servlet.http.HttpServletRequest request, ProfileWrapper profile) Bind user profile to HTTP session.
static String	getAuthenticatedUserId(javax.servlet.http.HttpServletRequest req) Get the logged in user's id from the request.
static boolean	getFireLoginEvent(javax.servlet.http.HttpSession session)
static ProfileWrapper	getProfile(javax.servlet.http.HttpServletRequest req) Get the current profile from either the session or the request.
static ProfileWrapper	getProfile(javax.servlet.http.HttpServletRequest req, boolean createNew) Look for a profile in the request, with the option to create a new Session if there is not a current one in the Request object.
static ProfileWrapper	getProfile(javax.servlet.http.HttpSession session) Get the current profile from the session
static javax.servlet.http.HttpSession	getSession(javax.servlet.http.HttpServletRequest request) This method attempts to return a reference to the current session, and will attempt to create a HttpSession if none exists (respecting the optional descriptor configuraton max-in-memory-sessions).
static javax.servlet.http.HttpSession	getSession(javax.servlet.http.HttpServletRequest request, boolean createNew) This method attempts to return a reference to the current session, and will attempt to create a HttpSession if needed, if createNew is true (respecting the optional descriptor configuraton max-in-memory-sessions).
static String	getUserId(javax.servlet.http.HttpServletRequest req) Get the (not neccessarily logged in) user's id from the request.
static void	postCreateUser(javax.servlet.http.HttpServletRequest request, String username, String password, boolean saveAnonymous, boolean fireEvent, boolean login) Actions to be performed upon user creation (self-registration style).
static void	postLogin(javax.servlet.http.HttpServletRequest request) Option to fire SessionLoginEvent
static void	putProfileInRequest(javax.servlet.http.HttpServletRequest req, ProfileWrapper profile) Put a profile in the request.
static void	putProfileInSession(javax.servlet.http.HttpServletRequest req, ProfileWrapper profile) Put a profile in the session.
static void	putProfileInSession(javax.servlet.http.HttpSession session, ProfileWrapper profile) Put a profile in the session.
static ProfileWrapper	removeAndReturnProfile(javax.servlet.http.HttpSession session) Removes profile wrapper references from the session and returns it.
static void	removeProfile(javax.servlet.http.HttpServletRequest req) Removes profile wrapper references from both the request and the session.
static void	removeProfile(javax.servlet.http.HttpSession session) Removes profile wrapper references from the session.
static void	setFireLoginEvent(javax.servlet.ServletContext sc, boolean doFire) Look in web.xml to see if we're going to fire SessionLoginEvents upon user login.
static boolean	userIsRegistered(javax.servlet.http.HttpSession session) Determine whether user is authenticated by presence of attribute in Session

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PROFILE_WRAPPER

public static final String PROFILE_WRAPPER

constant to look up the current profile wrapper

See Also

Constants Summary

LOGIN_UID

public static final String LOGIN_UID

Constant to indicate user has logged in with a valid user id

See Also

Constants Summary

Constructor Detail

SessionHelper

public SessionHelper()

Method Detail

getProfile

public static ProfileWrapper getProfile(javax.servlet.http.HttpServletRequest req)

Get the current profile from either the session or the request. Looks in the session first (by default, this method will not create new sessions), then the request.

getProfile

public static ProfileWrapper getProfile(javax.servlet.http.HttpServletRequest req,
                                        boolean createNew)

Look for a profile in the request, with the option to create a new Session if there is not a current one in the Request object.

getProfile

public static ProfileWrapper getProfile(javax.servlet.http.HttpSession session)

Get the current profile from the session

removeProfile

public static void removeProfile(javax.servlet.http.HttpServletRequest req)

Removes profile wrapper references from both the request and the session.

removeProfile

public static void removeProfile(javax.servlet.http.HttpSession session)

Removes profile wrapper references from the session.

removeAndReturnProfile

public static ProfileWrapper removeAndReturnProfile(javax.servlet.http.HttpSession session)

Removes profile wrapper references from the session and returns it.

Returns

the ProfileWrapper, or null if none was found

putProfileInSession

public static void putProfileInSession(javax.servlet.http.HttpServletRequest req,
                                       ProfileWrapper profile)

Put a profile in the session.

putProfileInSession

public static void putProfileInSession(javax.servlet.http.HttpSession session,
                                       ProfileWrapper profile)

Put a profile in the session.

putProfileInRequest

public static void putProfileInRequest(javax.servlet.http.HttpServletRequest req,
                                       ProfileWrapper profile)

Put a profile in the request.

bindProfile

public static void bindProfile(javax.servlet.http.HttpServletRequest request,
                               ProfileWrapper profile)

Bind user profile to HTTP session. If createSession parameter configured to false of PortalServletFilter in web.xml, or session exceed limits configured by weblogic.xml, this method will not create session. The user profile will bind to HTTP reqeust instead.

Parameters

request - a HTTP request used to lookup HTTP session or bind profile

profile - user profile object

getUserId

public static String getUserId(javax.servlet.http.HttpServletRequest req)

Get the (not neccessarily logged in) user's id from the request.

This will check the username of a profile in the request/session first (this will handle tracked anonymous users). If there's no profile or it's fully anonymous, this will check the authenticated user id.

Parameters

req - the servlet request.

Returns

the user id, null if cannot be determined.

getAuthenticatedUserId

public static String getAuthenticatedUserId(javax.servlet.http.HttpServletRequest req)

Get the logged in user's id from the request.

This checks for the user principal on the request.

Parameters

req - the servlet request.

Returns

the user id, null if not authenticated.

postCreateUser

public static void postCreateUser(javax.servlet.http.HttpServletRequest request,
                                  String username,
                                  String password,
                                  boolean saveAnonymous,
                                  boolean fireEvent,
                                  boolean login)
                           throws LoginException

Actions to be performed upon user creation (self-registration style). This will authenticate the new user in the request, update the user profile in the request or session as needed, fire a UserRegistrationEvent, then fire a SessionLoginEvent if session exists.

NOTE that this method always removes the original profile and replaces it with a new one representing the new user, regardless of whether they logged in. That new profile is ProfileType.REGISTERED.

Throws

LoginException

postLogin

public static void postLogin(javax.servlet.http.HttpServletRequest request)

Option to fire SessionLoginEvent

userIsRegistered

public static boolean userIsRegistered(javax.servlet.http.HttpSession session)

Determine whether user is authenticated by presence of attribute in Session

setFireLoginEvent

public static void setFireLoginEvent(javax.servlet.ServletContext sc,
                                     boolean doFire)

Look in web.xml to see if we're going to fire SessionLoginEvents upon user login. Specified as follows: PortalServletFilter com.bea.p13n.servlets.PortalServletFilter fireSessionLoginEvent false Option to fire SessionLoginEvent , defaults to true if not set

getFireLoginEvent

public static boolean getFireLoginEvent(javax.servlet.http.HttpSession session)

getSession

public static javax.servlet.http.HttpSession getSession(javax.servlet.http.HttpServletRequest request)

This method attempts to return a reference to the current session, and will attempt to create a HttpSession if none exists (respecting the optional descriptor configuraton max-in-memory-sessions). If a configured maximum number of session already exists, a null value is returned.

Parameters

request - The current HttpServletRequest

Returns

The current (or possibly new) HttpSession or null, if the maximum number of sessions already exist.

getSession

public static javax.servlet.http.HttpSession getSession(javax.servlet.http.HttpServletRequest request,
                                                        boolean createNew)

This method attempts to return a reference to the current session, and will attempt to create a HttpSession if needed, if createNew is true (respecting the optional descriptor configuraton max-in-memory-sessions). If a configured maximum number of session already exists, a null value is returned.

Parameters

request - The current HttpServletRequest

createNew - Will attempt to create a new session, if none exists

Returns

The current (or possibly new) HttpSession or null, if the maximum number of sessions already exist.