How to use

SessionManager

in

com.oberasoftware.jasdb.api.security

/**
 * Creates a local DB session with credentials
 * @param credentials The credentials
 * @throws JasDBStorageException If unable to request the session
 */
public LocalDBSession(Credentials credentials) throws JasDBException {
  this();
  SessionManager sessionManager = ApplicationContextProvider.getApplicationContext().getBean(SessionManager.class);
  userSession = sessionManager.startSession(credentials);
}

  private void validateSession() throws JasDBStorageException {
    if(session == null || !sessionManager.sessionValid(session.getSessionId())) {
      throw new JasDBSecurityException("Unable to change security principals, not logged in or session expired");
    }
  }
}

private void checkToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
  try {
    String token = httpServletRequest.getHeader("oauth_token");
    String sessionId = httpServletRequest.getHeader("sessionid");
    LOG.debug("Token: {} for session: {}", token, sessionId);
    if(StringUtils.stringNotEmpty(token) && StringUtils.stringNotEmpty(sessionId)) {
      UserSession session = sessionManager.getSession(sessionId);
      if(session != null) {
        CryptoEngine cryptoEngine = CryptoFactory.getEngine();
        String expectedTokenHash = cryptoEngine.hash(sessionId, token);
        if (expectedTokenHash.equals(session.getAccessToken())) {
          httpServletRequest.setAttribute("session", new UserSessionImpl(sessionId, token, session.getEncryptedContentKey(), session.getUser()));
          filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else {
          handleErrorResponse(httpServletResponse, UNAUTHORIZED_CODE, "Invalid token");
        }
      } else {
        handleErrorResponse(httpServletResponse, UNAUTHORIZED_CODE, "Invalid token");
      }
    } else {
      handleErrorResponse(httpServletResponse, UNAUTHORIZED_CODE, "No token");
    }
  } catch(JasDBStorageException e) {
    LOG.error("Unknown error happened when processing token", e);
    handleErrorResponse(httpServletResponse, 500, "Unknown error");
  }
}

/**
 * Creates a local DB session bound to a specific instance with given credentials
 * @param instanceId The instance
 * @param credentials The credentials
 * @throws JasDBStorageException If unable to request the session
 */
public LocalDBSession(String instanceId, Credentials credentials) throws JasDBException {
  this(instanceId);
  SessionManager sessionManager = ApplicationContextProvider.getApplicationContext().getBean(SessionManager.class);
  userSession = sessionManager.startSession(credentials);
}

@RequestMapping(method = RequestMethod.POST, value = "/token", produces = "application/json", consumes = "application/json")
public @ResponseBody
ResponseEntity<String> getToken(HttpServletRequest request) {
  if(request.isSecure()) {
    try {
      String clientId = request.getParameter("client_id");
      String clientSecret = request.getParameter("client_secret");
      LOG.debug("Client: {} host: {}", clientId, request.getRemoteHost());
      UserSession session = sessionManager.startSession(new BasicCredentials(clientId, request.getRemoteHost(), clientSecret));
      LOG.debug("Loaded session: {}", session);
      String responseMessage = String.format(GRANT_VALID, session.getAccessToken(), session.getSessionId(), "jasdb", 3600);
      return new ResponseEntity<>(responseMessage, HttpStatus.OK);
    } catch(JasDBSecurityException e) {
      return getErrorResponse("Invalid credentials");
    } catch(JasDBStorageException e) {
      return getErrorResponse("Unknown error");
    }
  } else {
    return getErrorResponse("Insecure connection");
  }
}