...
This explains basic usage of the Sakai SessionManager Service. This service is used to register new Authz (permission) groups and manage information about user sessions.
- Trunk javadocs:
- Trunk source location: https://source.sakaiproject.org/svn/tool/trunk/
...
- Using Spring to get the service for your class (e.g. YourAppClass) (recommended)
Add the SessionManager bean to the bean for YourAppClass
```xml
<bean id="org.sakaiproject.yourapp.logic.YourAppClass"
      class="org.sakaiproject.yourapp.logic.impl.YourAppClassImpl">
    <property name="sessionManager" ref="org.sakaiproject.tool.api.SessionManager" />
</bean>
```
Add a variable and setter to YourAppClass to use the service, like so:
```java
private SessionManager sessionManager;

public void setSessionManager(SessionManager sessionManager) {
    this.sessionManager = sessionManager;
}
```
- Using the Component Manager to get the service
- Note: This is not the recommended method; you should use Spring to inject the service
Use the CM cover to get the service
```java
import org.sakaiproject.component.cover.ComponentManager;
import org.sakaiproject.tool.api.SessionManager;
// ...
private SessionManager sessionManager;
// ...
sessionManager = (SessionManager) ComponentManager.get(SessionManager.class);
```
Getting the current user Session
Use the SessionManager to get the current session
```java
Session s = sessionManager.getCurrentSession();
if (s != null) {
    // do something with the Session
}
```
...
- Note: This sets the current user Session to the Sakai admin
Use the SessionManager to get the current session and then use the Session to set the userId
```java
Session s = sessionManager.getCurrentSession();
if (s != null) {
    s.setUserId("adminjohnsmith");
} else {
    log.warn("no CurrentSession, cannot set to adminjohnsmith user");
}
```
- Note: This could allow you to run something that requires the admin user permissions while there is no session with appropriate permissions (or while the session is a user with lower permissions)
- Warning: Please be very careful when elevating a user's permissions by temporarily changing the user id. It may be safe to do in a controlled way during Tomcat startup, but it should almost certainly be avoided when performing a user-triggered action.
- Note: To perform a user action with elevated privileges, please use a SecurityAdvisor as described in KNL-542
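Where the identity swap is used in a controlled context such as startup code, one way to keep it contained is to restore the previous identity in a `finally` block so the elevated user never outlives the task. This is an added example, not Sakai's own code: the class `RunAsUser` and its `runAs` method are hypothetical names, and it relies on the `Session` accessors `getUserId`, `getUserEid` and `setUserEid` in addition to the `setUserId` call shown above.

```java
import org.sakaiproject.tool.api.Session;
import org.sakaiproject.tool.api.SessionManager;

/** Hypothetical helper (not part of Sakai): scoped identity swap with guaranteed restore. */
public class RunAsUser {

    private SessionManager sessionManager;

    // Injected by Spring, in the same way as for YourAppClass
    public void setSessionManager(SessionManager sessionManager) {
        this.sessionManager = sessionManager;
    }

    /**
     * Runs the task with the current session set to userId/userEid, then puts
     * the original identity back even if the task throws.
     */
    public void runAs(String userId, String userEid, Runnable task) {
        Session s = sessionManager.getCurrentSession();
        if (s == null) {
            throw new IllegalStateException("no current session, refusing to run as " + userId);
        }
        // Remember who the session belonged to before the swap (may be null at startup)
        final String previousId = s.getUserId();
        final String previousEid = s.getUserEid();
        try {
            s.setUserId(userId);
            s.setUserEid(userEid);
            task.run();
        } finally {
            // Always drop the elevated identity, whatever happened in the task
            s.setUserId(previousId);
            s.setUserEid(previousEid);
        }
    }
}
```

For user-triggered actions the warning above still applies: prefer a SecurityAdvisor over changing the session's user id.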