...
- Using Spring to get the service for your class (e.g. YourAppClass) (recommended)
Add the SessionManager bean to the bean for YourAppClass
Code Block xml xml <bean id="org.sakaiproject.yourapp.logic.YourAppClass" class="org.sakaiproject.yourapp.logic.impl.YourAppClassImpl"> <property name="sessionManager" ref="org.sakaiproject.tool.api.SessionManager" /> </bean>
Add a variable and setter to YourAppClass to use the service in like so:
Code Block java java private SessionManager sessionManager; public void setSessionManager(SessionManager sessionManager) { this.sessionManager = sessionManager; }
- Using the Component Manager to get the service
- Note: This is not the recommended method, you should be using Spring to inject the service
Use the CM cover to get the service
Code Block java java import org.sakaiproject.component.cover.ComponentManager; import org.sakaiproject.tool.api.SessionManager; ... private SessionManager sessionManager; ... sessionManager = (SessionManager) ComponentManager.get(SessionManager.class);
Getting the current user Session
Use the SessionManagerto get the current session
Code Block java java Session s = sessionManager.getCurrentSession(); if (s != null) { // do something with the Session }
...
- Note: This sets the current user Session to the Sakai admin
Use the SessionManager to get the current session and then use the Sessionto set the userId
Code Block java java Session s = sessionManager.getCurrentSession(); if (s != null) { s.setUserId("adminjohnsmith"); } else { log.warn("no CurrentSession, cannot set to adminjohnsmith user"); }
- Note: This could allow you to run something that requires the admin user permissions while there is no session with appropriate permissions (or while the session is a user with lower permissions)
- Warning: Please be very careful when elevating a user's permissions by temporarily changing the user id. It may be safe to do in a controlled way during Tomcat startup, but it should almost certainly be avoided when performing a user-triggered action.
- Note: To perform a user action with elevated privileges, please use a SecurityAdvisor as described in KNL-542
- Note: This could allow you to run something that requires the admin user permissions while there is no session with appropriate permissions (or while the session is a user with lower permissions)