Page Comparison

...

This explains basic usage of the Sakai SessionManager Service. This service is used to register new Authz (permission) groupsand manage information about user sessions.

• Trunk javadocs:
  • SessionManager: http://nightly2.sakaiproject.org/javadoc/org/sakaiproject/tool/api/SessionManager.html
  • Session: http://nightly2.sakaiproject.org/javadoc/org/sakaiproject/tool/api/Session.html
  • ToolSession: http://nightly2.sakaiproject.org/javadoc/org/sakaiproject/tool/api/ToolSession.html
• Trunk source location: https://source.sakaiproject.org/svn/tool/trunk/

...

1. Using Spring to get the service for your class (e.g. YourAppClass) (recommended)

   1. Add the SessionManager bean to the bean for YourAppClass

      Code Block
      xml xml
      <bean id="org.sakaiproject.yourapp.logic.YourAppClass" class="org.sakaiproject.yourapp.logic.impl.YourAppClassImpl"> <property name="sessionManager" ref="org.sakaiproject.tool.api.SessionManager" /> </bean>

   2. Add a variable and setter to YourAppClass to use the service in like so:

      Code Block
      java java
      private SessionManager sessionManager; public void setSessionManager(SessionManager sessionManager) { this.sessionManager = sessionManager; }

2. Using the cover Component Manager to get the service
   • Note: This is not the recommended method, you should be using Spring to inject the service
   1. Setup a variable to hold the instance from the cover Code Blockjavajava

      
      private SessionManager sessionManager;
      

      Get access to the service using the cover

      Use the CM cover to get the service

      Code Block
      java java
      sessionManager =import org.sakaiproject.component.cover.ComponentManager; import org.sakaiproject.tool.coverapi.SessionManager.getInstance();

   Maven (project.xml) dependency Add the following to the maven file for the code in which you are using the service Code Blockxmlxml <dependency> <groupId>sakaiproject</groupId> <artifactId>sakai-tool-api</artifactId> <version>${sakai.version}</version> </dependency>

   1. ; ... private SessionManager sessionManager; ... sessionManager = (SessionManager) ComponentManager.get(SessionManager.class);

Getting the current user Session

1. Use the SessionManagerto get the current session

   Code Block
   java java
   Session s = sessionManager.getCurrentSession(); if (s != null) { // do something with the Session }

...

• Note: This sets the current user Session to the Sakai admin

1. Use the SessionManager to get the current session and then use the Sessionto set the userId

   Code Block
   java java
   Session s = sessionManager.getCurrentSession(); if (s != null) { s.setUserId("adminjohnsmith"); } else { log.warn("no CurrentSession, cannot set to adminjohnsmith user"); }

   • Note: This could allow you to run something that requires the admin user permissions while there is no session with appropriate permissions (or while the session is a user with lower permissions)
     
   • Warning: Please be very careful when elevating a user's permissions by temporarily changing the user id. It may be safe to do in a controlled way during Tomcat startup, but it should almost certainly be avoided when performing a user-triggered action. 
   • Note: To perform a user action with elevated privileges, please use a SecurityAdvisor as described in KNL-542