|
IBM WebSphere Application ServerTM Release 8 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface IBMSession
The IBMSession interface extends the javax.servlet.http.HttpSession interface of the
Servlet API to
The WebSphere implementation of the http session object implements this interface.
With regards to overflow: When overflow is turned off in a non-persistent session mode, an invalid
session object is returned when the maximum capacity, specified by Max In Memory Session Count property, has been reached.
Example code:
IBMSession sess = (IBMSession) request.getSession();
if(sess.isOverFlow())
throw new ServletException("Maximum number of sessions reached on the server");
With regards to security: When security integration is turned on in the SessionManager,
WebSphere Application Server maintains the notion of an authenticated or unauthenticated
owner of a session. If a session is owned by an unauthenticated user (which we internally
denote via the user name of "anonymous"), then a servlet operating under the credentials
of any user can access the session, provided the request has the session identifier(from either cookie or
rewritten url). However, if the session is marked as being owned by an authenticated user
(where the user name is provided by the WebSphere Security API's and
management), then a servlet must be operating under the credentials of the
same user in order for WebSphere to return the requested session to the
servlet. A session gets denoted one time with the first authenticated user name
seen by the Application Server while processing the session. This can
either happen if the user has already been authenticated on the Http Request
which leads to the creation of the session, or it can happen on the first
authenticated user name seen after an "anonymous" session is created.
Example code:
IBMSession sess = (IBMSession) request.getSession();
String userName = sess.getUserName();
With regard to sync in persistent sessions mode(both database and memory-to-memory): The application
can control when to persist the http session updates to external store by calling the sync method on
this extension. Starting with WebSphere version 5.0, this can be called independent of the write
frequency selected in the SessionManager.
Example code:
IBMSession sess = (IBMSession) request.getSession();
sess.sync();
UnauthorizedSessionRequestException
,
HttpSession
Method Summary | |
---|---|
IBMApplicationSession |
getIBMApplicationSession()
To get the IBMApplicationSession associated with the session. |
IBMApplicationSession |
getIBMApplicationSession(boolean create)
To get the IBMApplicationSession associated with the session. |
java.lang.String |
getUserName()
To get at the user identity associated with this session. |
boolean |
isOverflow()
To determine if the number of sessions in memory has exceeded the value specified by the Max In Memory Session Count property on the SessionManager. |
void |
sync()
To persist the session updates to external store. |
Methods inherited from interface javax.servlet.http.HttpSession |
---|
getAttribute, getAttributeNames, getCreationTime, getId, getLastAccessedTime, getMaxInactiveInterval, getServletContext, getSessionContext, getValue, getValueNames, invalidate, isNew, putValue, removeAttribute, removeValue, setAttribute, setMaxInactiveInterval |
Methods inherited from interface java.io.Externalizable |
---|
readExternal, writeExternal |
Method Detail |
---|
java.lang.String getUserName()
void sync()
boolean isOverflow()
IBMApplicationSession getIBMApplicationSession()
IBMApplicationSession getIBMApplicationSession(boolean create)
create
- boolean that indicates if the IBMApplicationSession should be created
|
IBM WebSphere Application ServerTM Release 8 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |