ej.hoka.auth

Class SessionAuthenticator

java.lang.Object

ej.hoka.auth.SessionAuthenticator

All Implemented Interfaces:

Authenticator

public class SessionAuthenticator
extends java.lang.Object
implements Authenticator

An implementation of Authenticator that stores active sessions in a database and authenticate a request using a session ID generated at login.

Constructor Summary

Constructors

Constructor and Description
SessionAuthenticator() Deprecated. Uses an insecure implementation of Random.
SessionAuthenticator(long sessionLifetime) Deprecated. Uses an insecure implementation of Random.
SessionAuthenticator(long sessionLifetime, SessionDataAccess database) Deprecated. Uses an insecure implementation of Random.
SessionAuthenticator(java.util.Random random) Constructs a SessionAuthenticator with 1-hour-long sessions and using an in-memory database.
SessionAuthenticator(java.util.Random random, long sessionLifetime) Constructs a SessionAuthenticator with 1-hour-long sessions and using an in-memory database.
SessionAuthenticator(java.util.Random random, long sessionLifetime, SessionDataAccess database) Constructs a SessionAuthenticator.

Method Summary

Modifier and Type	Method and Description
java.lang.String	authenticate(java.lang.String sessionID) Authenticate using the given token.
protected long	generateExpiration() Generates the expiration date using the current real time.
protected java.lang.String	generateSessionID() Generates a new session ID encoded in base64.
java.lang.String	login(java.lang.String uid) Creates a new session with the given user identifier.
boolean	logout(java.lang.String sessionID) Removes the session identified by sessionID from the active sessions.
void	refresh(java.lang.String sessionID) Refreshes the expiration date of the session identified by sessionID.

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SessionAuthenticator

@Deprecated
public SessionAuthenticator()

Deprecated. Uses an insecure implementation of Random.

Constructs a SessionAuthenticator with 1-hour-long sessions and using an in-memory database.

See Also:

InMemorySessionDataAccess

SessionAuthenticator

public SessionAuthenticator(java.util.Random random)

Constructs a SessionAuthenticator with 1-hour-long sessions and using an in-memory database. Use a secure Random implementation (see java.security.SecureRandom).

Parameters:

random - the random number generator used to create session IDs.

See Also:

InMemorySessionDataAccess

SessionAuthenticator

@Deprecated
public SessionAuthenticator(long sessionLifetime)

Deprecated. Uses an insecure implementation of Random.

Constructs a SessionAuthenticator using an in-memory database.

Parameters:

sessionLifetime - the time before a session is considered invalid.

See Also:

InMemorySessionDataAccess

SessionAuthenticator

public SessionAuthenticator(java.util.Random random,
                            long sessionLifetime)

Constructs a SessionAuthenticator with 1-hour-long sessions and using an in-memory database. Use a secure Random implementation (see java.security.SecureRandom).

Parameters:

random - the random number generator used to create session IDs.

sessionLifetime - the time before a session is considered invalid.

See Also:

InMemorySessionDataAccess

SessionAuthenticator

@Deprecated
public SessionAuthenticator(long sessionLifetime,
                                         SessionDataAccess database)

Deprecated. Uses an insecure implementation of Random.

Constructs a SessionAuthenticator.

Parameters:

sessionLifetime - the time before a session is considered invalid.

database - the database to store active sessions.

SessionAuthenticator

public SessionAuthenticator(java.util.Random random,
                            long sessionLifetime,
                            SessionDataAccess database)

Constructs a SessionAuthenticator. Use a secure Random implementation (see java.security.SecureRandom).

Parameters:

random - the random number generator used to create session IDs.

sessionLifetime - the time before a session is considered invalid.

database - the database to store active sessions.

Method Detail

login

public java.lang.String login(java.lang.String uid)

Creates a new session with the given user identifier.

Parameters:

uid - the identifier of the logged in user.

Returns:

the generated session ID.

authenticate

public java.lang.String authenticate(java.lang.String sessionID)

Description copied from interface: Authenticator

Authenticate using the given token.

Specified by:

authenticate in interface Authenticator

Parameters:

sessionID - the token used for authentication.

Returns:

the user ID authenticated by token, or null if authentication failed.

refresh

public void refresh(java.lang.String sessionID)

Refreshes the expiration date of the session identified by sessionID.

Parameters:

sessionID - the identifier of the session.

logout

public boolean logout(java.lang.String sessionID)

Removes the session identified by sessionID from the active sessions.

Parameters:

sessionID - the identifier of the session.

Returns:

false if no sessions are referenced by sessionID, true otherwise

generateSessionID

protected java.lang.String generateSessionID()

Generates a new session ID encoded in base64.

Returns:

the generated session ID.

generateExpiration

protected long generateExpiration()

Generates the expiration date using the current real time.

Returns:

the generated expiration date.

See Also:

System.currentTimeMillis()