Child pages
  • Using the SessionManager Service
Skip to end of metadata
Go to start of metadata

Information

This explains basic usage of the Sakai SessionManager Service. This service is used to register and manage information about user sessions.

Accessing the SessionManager

  • You can use Spring Framework to inject the service or use the cover
  1. Using Spring to get the service for your class (e.g. YourAppClass) (recommended)
    1. Add the SessionManager bean to the bean for YourAppClass

      <bean id="org.sakaiproject.yourapp.logic.YourAppClass"
      		class="org.sakaiproject.yourapp.logic.impl.YourAppClassImpl">
      	<property name="sessionManager"
      		ref="org.sakaiproject.tool.api.SessionManager" />
      </bean>
      
    2. Add a variable and setter to YourAppClass to use the service in like so:

      private SessionManager sessionManager;
      public void setSessionManager(SessionManager sessionManager) {
      	this.sessionManager = sessionManager;
      }
      
  2. Using the Component Manager to get the service
    • Note: This is not the recommended method, you should be using Spring to inject the service
    1. Use the CM cover to get the service

      import org.sakaiproject.component.cover.ComponentManager;
      import org.sakaiproject.tool.api.SessionManager;
      ...
        private SessionManager sessionManager;
      ...
          sessionManager = (SessionManager) ComponentManager.get(SessionManager.class);
      

Getting the current user Session

  1. Use the SessionManagerto get the current session

    Session s = sessionManager.getCurrentSession();
    if (s != null) {
    	// do something with the Session
    }
    

Changing the current user Session to another user

  • Note: This sets the current user Session to the Sakai admin
  1. Use the SessionManager to get the current session and then use the Sessionto set the userId

    Session s = sessionManager.getCurrentSession();
    if (s != null) {
    	s.setUserId("johnsmith");
    } else {
    	log.warn("no CurrentSession, cannot set to johnsmith user");
    }
    
    • Note: This could allow you to run something that requires the admin user permissions while there is no session with appropriate permissions (or while the session is a user with lower permissions)
    • Warning: Please be very careful when elevating a user's permissions by temporarily changing the user id. It may be safe to do in a controlled way during Tomcat startup, but it should almost certainly be avoided when performing a user-triggered action. 
    • Note: To perform a user action with elevated privileges, please use a SecurityAdvisor as described in KNL-542
  • No labels