Class BasicSessionValidator<C extends CredentialsManager,S extends SessionManager,R extends RememberManager>
java.lang.Object
rife.authentication.sessionvalidators.AbstractSessionValidator<C,S,R>
rife.authentication.sessionvalidators.BasicSessionValidator<C,S,R>
- All Implemented Interfaces:
SessionValidator<C,S, R>
- Direct Known Subclasses:
MemorySessionValidator
public class BasicSessionValidator<C extends CredentialsManager,S extends SessionManager,R extends RememberManager>
extends AbstractSessionValidator<C,S,R>
Non-optimized session validator. This is a naive implementation of the
SessionValidator interface, suitable for cases where there is no
need for optimization of session validity checking.- Since:
- 1.0
- See Also:
-
Field Summary
Fields inherited from class rife.authentication.sessionvalidators.AbstractSessionValidator
credentialsManager_, rememberManager_, SESSION_INVALID, SESSION_VALID, sessionManager_ -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionbooleanisAccessAuthorized(int id) Indicates if the provided validity identifier is considered as valid and that the access to the secured resource is thus authorized.intvalidateSession(String authId, String authData, SessionAttributes attributes) Validates an existing session according to a set of attributes that define the context in which this validation occurs.Methods inherited from class rife.authentication.sessionvalidators.AbstractSessionValidator
getCredentialsManager, getRememberManager, getSessionManager, setCredentialsManager, setRememberManager, setSessionManager
-
Constructor Details
-
BasicSessionValidator
public BasicSessionValidator()
-
-
Method Details
-
isAccessAuthorized
public boolean isAccessAuthorized(int id) Description copied from interface:SessionValidatorIndicates if the provided validity identifier is considered as valid and that the access to the secured resource is thus authorized.Normally, specific business logic is only required for the situations in which access was prohibited. This method is used to make it possible to provide automatic access to the secured resource.
- Parameters:
id- The numeric identifier that is returned by thevalidateSessionmethod.- Returns:
trueif access to the secured resource was authorized; orfalseif access was prohibited.
-
validateSession
public int validateSession(String authId, String authData, SessionAttributes attributes) throws SessionValidatorException Description copied from interface:SessionValidatorValidates an existing session according to a set of attributes that define the context in which this validation occurs.This method is typically executed for each access to a secured resource, performance is thus of critical importance.
The implementation of this method should be optimal for the combination of the used
CredentialsManagerandSessionManager. Specific code that combines the features of both managers should be written, instead of relying on the abstracted api of each manager. Paying attention to the implementation of this method can dramatically reduce the overhead of securing resources.- Parameters:
authId- The unique id of the authentication session that needs to be validated.authData- Data that was associated with the sessionattributes- Access to the attributes that define that context in which the session has to be validated.- Returns:
- A number that indicates the validation state of the session. This allows the application to go beyond valid or invalid. Additional states like for example : blocked, initial login and disabled, can be used by using different numbers.
- Throws:
SessionValidatorException- An undefined number of exceptional cases or error situations can occur when a session is validated. They are all indicated by throwing an instance ofSessionValidatorException. It's up to the implementations of this interface to give more specific meanings to these exceptions.
-