Interface IAuthenticationSession


public interface IAuthenticationSession
Class representing an authentication session that is persisted between HTTP requests. Any changes made to the session are saved after request processing is done and before the response is sent. A cookie binds each request to the session's server-side representation.

Sessions are saved automatically when the response is sent, even if no data is stored in the session. This is to ensure that the session cookie is updated with the latest expiration time.

As such, the session is the optimal place to store data that needs to be persisted between requests as part of the authentication process, such as challenge state or user information.

  • Method Summary

    Modifier and Type   Method                                    Description
    String              getAttribute(String name)                 Gets an attribute from the session.
    Optional<User>      getUser()                                 If the developer didn't set a new user, this method will use the Saga session cookie provided in the request and return the associated user if it exists.
    Instant             getValidUntil()                           Gets the validity of the current session.
    void                invalidate()                              Invalidates the session by deleting the cookie from the browser and from storage.
    void                setAttribute(String name, String value)   Sets an attribute on the current session.
    void                setUser(User user)                        Stores the user within the session.
    void                setValidUntil(Instant validUntil)         Sets or updates the time until which the current session is valid.
  • Method Details

    • getUser

      Optional<User> getUser()
      If the developer didn't set a new user, this method will use the Saga session cookie provided in the request and return the associated user if it exists.

      May be Optional.empty() if a session is still in the process of being created, such as authentication flows that use an external authentication provider.

      If the user is set, an authentication provider may assume that the user is authenticated and has the roles associated with the user, but it is recommended to check that the user was created by the current provider in these cases. If it was not, it is recommended to treat the session as if no User was set.

      Returns:
      a user associated with the current session.
    • setUser

      void setUser(@Nullable User user)
      Stores the user within the session. It's recommended that the session also have a validity. Use the setValidUntil(Instant validUntil) method for that.
      Parameters:
      user - User to be stored in the session
    • setValidUntil

      void setValidUntil(Instant validUntil)
      Sets or updates the time until which the current session is valid.
      Parameters:
      validUntil - validity of session
    • getValidUntil

      Instant getValidUntil()
      Gets the validity of the current session.
      Returns:
      validity of the current session
    • invalidate

      void invalidate()
      Invalidates the session by deleting the cookie from the browser and from storage.

      Can be used in the sign-out call.

    • setAttribute

      void setAttribute(String name, @Nullable String value)
      Sets an attribute on the current session.

      Automatically persisted when the response is sent.

      Parameters:
      name - attribute name to be stored in the session
      value - attribute value to be stored in the session, or null to remove the attribute
    • getAttribute

      String getAttribute(String name)
      Gets an attribute from the session.
      Parameters:
      name - attribute name to be fetched from session
      Returns:
      the attribute with name stored for the current session
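
The following is an added example, not code from the Saga project: it shows one way a provider could keep challenge state in the session and follow the getUser() recommendation to ignore users it did not create. The provider id, the attribute names, the 30-minute lifetime, the provider-marker attribute itself, and the behaviour of getAttribute and getValidUntil returning null when nothing was set are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Optional;
// IAuthenticationSession and User come from the Saga API; their package is not
// shown on this page, so those two imports are left for the reader to add.

/** Hypothetical helper for a provider with the made-up id "example-oidc". */
final class ExampleSessionGuard {
    private static final String PROVIDER_ID = "example-oidc";       // assumed provider id
    private static final String ATTR_PROVIDER = "example.provider"; // assumed attribute names
    private static final String ATTR_STATE = "example.state";
    private static final SecureRandom RNG = new SecureRandom();

    /** Start of an external flow: keep the one-time challenge state in the session. */
    static String beginChallenge(IAuthenticationSession session) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.setAttribute(ATTR_STATE, state);
        return state;
    }

    /** Callback: verify and consume the state, then bind user, provider and expiry. */
    static boolean completeChallenge(IAuthenticationSession session, String returnedState, User user) {
        String expected = session.getAttribute(ATTR_STATE);
        session.setAttribute(ATTR_STATE, null); // single use: null removes the attribute
        if (expected == null || returnedState == null
                || !MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                          returnedState.getBytes(StandardCharsets.UTF_8))) {
            return false; // no user is stored when the state does not match
        }
        session.setUser(user);
        session.setAttribute(ATTR_PROVIDER, PROVIDER_ID);
        session.setValidUntil(Instant.now().plus(Duration.ofMinutes(30))); // assumed lifetime
        return true;
    }

    /** Trust getUser() only if this provider set it and the session has not expired. */
    static Optional<User> currentUser(IAuthenticationSession session) {
        Instant validUntil = session.getValidUntil(); // assumed to be null when never set
        boolean ours = PROVIDER_ID.equals(session.getAttribute(ATTR_PROVIDER));
        boolean live = validUntil != null && Instant.now().isBefore(validUntil);
        return (ours && live) ? session.getUser() : Optional.empty();
    }
}
```

The marker attribute only records which provider last completed this flow; if the User type exposes its originating provider, comparing that value is the stronger check.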