Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

  1. Using Spring to get the service for your class (e.g. YourAppClass) (recommended)
    1. Add the SessionManager bean to the bean for YourAppClass

      Code Block
      xml
      xml
      
      <bean id="org.sakaiproject.yourapp.logic.YourAppClass"
      		class="org.sakaiproject.yourapp.logic.impl.YourAppClassImpl">
      	<property name="sessionManager"
      		ref="org.sakaiproject.tool.api.SessionManager" />
      </bean>
      
    2. Add a variable and setter to YourAppClass to use the service in like so:

      Code Block
      java
      java
      
      private SessionManager sessionManager;
      public void setSessionManager(SessionManager sessionManager) {
      	this.sessionManager = sessionManager;
      }
      
  2. Using the Component Manager to get the service
    • Note: This is not the recommended method, you should be using Spring to inject the service
    1. Use the CM cover to get the service

      Code Block
      java
      java
      
      import org.sakaiproject.component.cover.ComponentManager;
      import org.sakaiproject.tool.api.SessionManager;
      ...
        private SessionManager sessionManager;
      ...
          sessionManager = (SessionManager) ComponentManager.get(SessionManager.class);
      

Getting the current user Session

  1. Use the SessionManagerto get the current session

    Code Block
    java
    java
    
    Session s = sessionManager.getCurrentSession();
    if (s != null) {
    	// do something with the Session
    }
    

...

  • Note: This sets the current user Session to the Sakai admin
  1. Use the SessionManager to get the current session and then use the Sessionto set the userId

    Code Block
    java
    java
    
    Session s = sessionManager.getCurrentSession();
    if (s != null) {
    	s.setUserId("adminjohnsmith");
    } else {
    	log.warn("no CurrentSession, cannot set to adminjohnsmith user");
    }
    
    • Note: This could allow you to run something that requires the admin user permissions while there is no session with appropriate permissions (or while the session is a user with lower permissions)
    • Warning: Please be very careful when elevating a user's permissions by temporarily changing the user id. It may be safe to do in a controlled way during Tomcat startup, but it should almost certainly be avoided when performing a user-triggered action. 
    • Note: To perform a user action with elevated privileges, please use a SecurityAdvisor as described in KNL-542