Search in sources :

Example 1 with Session

use of spark.Session in project vertigo by KleeGroup.

the class SessionWebServiceHandlerPlugin method handle.

/**
 * {@inheritDoc}
 */
@Override
public Object handle(final Request request, final Response response, final WebServiceCallContext routeContext, final HandlerChain chain) throws SessionException {
    // obtain session (create if needed)
    final Session session = request.session(true);
    final UserSession user = obtainUserSession(session);
    try {
        // Bind userSession to SecurityManager
        securityManager.startCurrentUserSession(user);
        return chain.handle(request, response, routeContext);
    } catch (final VSecurityException e) {
        if (session.isNew()) {
            // If a new session is badly use, we invalid it (light protection against DDOS)
            session.invalidate();
            // If session was just created, we translate securityException as a Session expiration.
            throw (SessionException) new SessionException("Session has expired").initCause(e);
        }
        throw e;
    } finally {
        // Unbind userSession to SecurityManager
        securityManager.stopCurrentUserSession();
    }
}
Also used : UserSession(io.vertigo.persona.security.UserSession) SessionException(io.vertigo.vega.webservice.exception.SessionException) VSecurityException(io.vertigo.vega.webservice.exception.VSecurityException) Session(spark.Session) UserSession(io.vertigo.persona.security.UserSession)

Aggregations

UserSession (io.vertigo.persona.security.UserSession)1 SessionException (io.vertigo.vega.webservice.exception.SessionException)1 VSecurityException (io.vertigo.vega.webservice.exception.VSecurityException)1 Session (spark.Session)1