Package ch.ivyteam.ivy.security

Interface ISession

All Superinterfaces:
org.eclipse.core.runtime.IAdaptable, IAttributeStore<Object>, IUserToken
All Known Subinterfaces:
IWorkflowSession
public interface ISession extends IUserToken, org.eclipse.core.runtime.IAdaptable, IAttributeStore<Object>
A session holds information about a user who interacts with ivy. The session offers access to session attributes via the IAttributeStore interface. Please note that those attributes are no longer available, once the session has been destroyed.

Note: Sessions are attached to a cluster node. All Operations on ISession are limited to one cluster node and do not consider session on other cluster nodes. This must be considered specially for the methods.

If you need information about all Sessions in a cluster use ISecurityContext.sessions() and ISessionRepository.clusterSnapshot()

Since:
17.05.2006
API:
This is a public API.

  • Method Details

    • getIdentifier

      int getIdentifier()
      Returns the session identifier
      Returns:
      session identifier
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • isSessionUserUnknown

      boolean isSessionUserUnknown()
      If this session is anonymous (e.g., no user has been authenticated within the session) then the session user is unknown. If a user has been authenticated within the session, then the session user is known.
      Returns:
      true if session user is unknown (anonymous session)
      Throws:
      PersistencyException - if persistency access fails
      See Also:
      API:
      This public API is available in IvyScript and Java. It has the visibility NOVICE.

    • isSessionUserSystemUser

      boolean isSessionUserSystemUser()
      Returns true if the current session user is the System User.
      Returns:
      true if the current session user is the System User.
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • getSessionUser

      IUser getSessionUser()
      Returns the session user or null if no user has been authenticated within the session (e.g., an anonymous session)
      Returns:
      session user or null if no user has been authenticated within the session
      Throws:
      PersistencyException - if persistency access fails
      See Also:
      API:
      This public API is available in IvyScript and Java. It has the visibility NOVICE.

    • assignRole

      void assignRole(IRole role)
      Assigns a role to the session.
      Parameters:
      role - The role to assign
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.
      Security:
      SESSION MATCHES THIS OR OWNS SessionAssignRole PERMISSION OR OWNS SessionAssignRole@SYSTEM PERMISSION

    • checkPassword

      boolean checkPassword(String password)
      Verifies the current user's password. This method will only work if the session user is a wellknown user since unknown users don't have a password
      Parameters:
      password - The password to be checked
      Returns:
      true if the specified password is correct for the currently logged on user, false otherwise
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.

    • loginSessionUser

      default boolean loginSessionUser(String userName, String password)
      Logs in the session user if authentication is successful.

      In case of success the user is assigned to the session. Which means the session user changes from unknown to a wellknown user. If there is already a user authenticated within the session, then the old user is logged out after successful authentication of the new user (unless it is the same user, in which case no logout is performed).

      See logoutSessionUser for a description what happens during logout. When the logout is performed, all running tasks of this session are reset, except the current running one.

      If authentication is not not successful, the method will return false

      Parameters:
      userName - The name of the user
      password - The password of the user
      Returns:
      true if login was successful, false otherwise
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.

    • logoutSessionUser

      default void logoutSessionUser()
      Logs the session user out of this session. The session user is afterwards unknown. All task which the user has resumed so far are reset, except the current running one. To login a session user use the method authenticateSessionUser
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.

    • getSecurityContext

      ISecurityContext getSecurityContext()
      Gets the security context
      Returns:
      security context
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • isAbsent

      boolean isAbsent()
      Is the session user currently absent
      Returns:
      true if it is absent, otherwise false
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.
      Security:
      SESSION MATCHES THIS OR OWNS SessionReadAbsent PERMISSION OR OWNS SessionReadAbsent@SYSTEM PERMISSION

    • hasActiveSubstitutions

      boolean hasActiveSubstitutions()
      Returns true if this session is an active substitution for other users (at least one). Active means the substituted user(s) is (are) absent, so that this session acts as substitute for that (those) users.
      Returns:
      true if session is an active subsitution, otherwise false.
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.
      Security:
      SESSION MATCHES THIS OR OWNS SessionReadActiveSubstitutions PERMISSION OR OWNS SessionReadActiveSubstitutions@SYSTEM PERMISSION

    • getActiveSubstitutions

      List<IUserSubstitute> getActiveSubstitutions()
      Gets the active substitutions
      Returns:
      DataSet with the active substitutions
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.
      Security:
      SESSION MATCHES THIS OR OWNS SessionReadActiveSubstitutions PERMISSION OR OWNS SessionReadActiveSubstitutions@SYSTEM PERMISSION

    • getClusterNode

      String getClusterNode()
      Gets the cluster node the session is running (task state RESUMED) on
      Returns:
      the name of the cluster node the session is running (task state RESUMED) on
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • isMemberThroughActiveSubstitution

      boolean isMemberThroughActiveSubstitution(String securityMemberName)
      Returns true if the current user is member of the security member name because of active substitution that substitutes him as the security member. If the security mamber is a role that the current user owns for himself or is himself the method return false.
      Parameters:
      securityMemberName - the security mamaber name
      Returns:
      true if he is a member of an active substitution, otherwise false.
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.
      Security:
      SESSION MATCHES THIS OR OWNS SessionReadIsMemberThroughActiveSubstitution PERMISSION OR OWNS SessionReadIsMemberThroughActiveSubstitution@SYSTEM PERMISSION

    • isMemberThroughActiveSubstitution

      boolean isMemberThroughActiveSubstitution(ISecurityMember securityMember)
      Returns true if the current user is member of the security member because of active substitution that substitutes him as the security member. If the security mamber is a role that the current user owns for himself or is himself the method return false.
      Parameters:
      securityMember - the security mamaber
      Returns:
      true if he is a member of an active substitution, otherwise false.
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.
      Security:
      SESSION MATCHES THIS OR OWNS SessionReadIsMemberThroughActiveSubstitution PERMISSION OR OWNS SessionReadIsMemberThroughActiveSubstitution@SYSTEM PERMISSION

    • getMySessions

      List<ISession> getMySessions()
      Gets all other session where the current session user is also logged in. Sessions from other cluster nodes are NOT contained in the result
      Returns:
      DataSet with my sessions
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.
      Security:
      SESSION MATCHES THIS OR OWNS SessionReadAllMySessions PERMISSION OR OWNS SessionReadAllMySessions@SYSTEM PERMISSION

    • hasMoreThanOneSession

      boolean hasMoreThanOneSession()
      Returns true if the session user is logged into more than one session. This method does NOT consider sessions on other cluster nodes
      Returns:
      true if user is logged into more than one session, otherwise false
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.
      Security:
      SESSION MATCHES THIS OR OWNS SessionReadAllMySessions PERMISSION OR OWNS SessionReadAllMySessions@SYSTEM PERMISSION

    • hasPermission

      boolean hasPermission(ISecurityDescriptor securityDescriptor, IPermission permission)
      Checks if the current session has a certain permission on the security descriptor
      Parameters:
      securityDescriptor - the security descriptor to check for the permission
      permission - the identifier of the permission to check
      Returns:
      true if sesion has permission, otherwise false
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • checkPermission

      void checkPermission(ISecurityDescriptor securityDescriptor, IPermission permission)
      Checks if the current session has a certain permission on the security descriptor
      Parameters:
      securityDescriptor - the security descriptor to check for the permission
      permission - the permission to check
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • getSessionUserName

      String getSessionUserName()
      Gets the user name of the session user or if no user has been authenticated within the session returns "Unknown User (Session ###)" where ### stands for the session identifier.
      Returns:
      session user name. Never null.
      Throws:
      PersistencyException - if persistency access fails
      See Also:
      API:
      This public API is available in IvyScript and Java. It has the visibility NOVICE.

    • setContentLocale

      void setContentLocale(Locale contentLocale)
      Sets the locale (language and country) to use for the look up of content objects from the CMS. This value overrides the locale computed by the ivy Engine depending on the client browser and client OS.
      Parameters:
      contentLocale - the language and country to use for the look up of content objects from the CMS, or null to reset the setting.
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.

    • setContentLocale

      default void setContentLocale(String language, String country)
      Sets the locale (language and country) to use for the look up of content objects from the CMS. This value overrides the locale computed by the ivy Engine depending on the client browser and client OS. Construct a locale from language, country. NOTE: ISO 639 is not a stable standard; some of the language codes it defines (specifically iw, ji, and in) have changed. This constructor accepts both the old codes (iw, ji, and in) and the new codes (he, yi, and id), but all other API on Locale will return only the OLD codes.
      Parameters:
      language - two-letter ISO-639-1 code
      country - two-letter ISO-3166 code
      Throws:
      NullPointerException - thrown if either argument is null
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.

    • getContentLocale

      Locale getContentLocale()
      Returns the current language and country to use for the look up of content objects from the CMS. If no user settings are made by calling the setContentLocale(...) method, then the ivy Engine uses the client browser and client OS settings to evaluate the current locale.
      Returns:
      the current locale to use for the look up of content objects from the CMS.
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.

    • setFormattingLocale

      void setFormattingLocale(Locale formattingLocale)
      Sets the locale (language and country) to use for the formatting of Date, Time and Numbers. This value overrides the locale computed by the ivy Engine depending on the client browser and client OS.
      Parameters:
      formattingLocale - the language and country to use for the formatting of Date, Time and Numbers, or null to reset the setting.
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.

    • setFormattingLocale

      default void setFormattingLocale(String language, String country)
      Sets the locale (language and country) to use for the formatting of Date, Time and Numbers. This value overrides the locale computed by the ivy Engine depending on the client browser and client OS.
      Parameters:
      language - two-letter ISO-639-1 code
      country - two-letter ISO-3166 code
      Throws:
      NullPointerException - thrown if either argument is null
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.

    • getFormattingLocale

      Locale getFormattingLocale()
      Returns the current language and country to use for the formatting of Date, Time and Numbers. If no user settings are made by calling the setFormattingLocale(...) method, then the ivy Engine uses the client browser and client OS settings to evaluate the current locale.
      Returns:
      the current locale to use for the formatting of Date, Time and Numbers.
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.

    • setActiveEnvironment

      @Deprecated(since="9.3", forRemoval=true) void setActiveEnvironment(String name)
      Deprecated, for removal: This API element is subject to removal in a future version.
      This features was introduced for multi-tenancy. We recommend to containerized your environment and run a dedicated engine for each tenant.
      Sets the name of the environment on this session.
      This will override the environment settings defined on the application. The setting could be overriden by setting the environment on the ICase.setActiveEnvironment(String). For detailed description of the environment evaluation see IApplication.getActualEnvironment().
      Parameters:
      name - name of the environment. Use null or an empty string to set none
      Throws:
      PersistencyException - If persistency access fails
      NoSuchElementException - If the environment does not exist
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • getActiveEnvironment

      @Deprecated(since="9.3", forRemoval=true) String getActiveEnvironment()
      Deprecated, for removal: This API element is subject to removal in a future version.
      This features was introduced for multi-tenancy. We recommend to containerized your environment and run a dedicated engine for each tenant.
      Returns:
      The name of the environment which is set on the session or null if none is set.
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • current

      static ISession current()

      Gets the current session.

      Will return null if called out of scope. The scope is set if you call this method from an ivy process or any supported ivy environment. It is not set in non supported ivy environments (e.g. if you start your own threads, etc.).

      Returns:
      current session or null if out of scope
      Since:
      9.1
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.