[jetty-dev] Jetty Session Management

[Mazzolini Mike <mike@xxxxxxxxxxxxxxxx>]

Hi,

I'm implementing an embedded Jetty instance to build a custom application. It needs to have session management but I'm struggling to properly implement Sessions within Jetty. 

What is the best resource for learning how to properly implement session management in Jetty? Here is some code as an example of how I'm currently starting my jetty instance:

   public void startServer(LoginService loginService, final BootStrapConfig bootStrapConfig) throws Exception {

        

        // Dependency Injection 

        ServiceLocatorFactory factory = ServiceLocatorFactory.getInstance();

        locator = factory.create("abbServices");

        if (bootStrapConfig != null) {

            this.register(new AbstractBinder() {

                @Override

                protected void configure() {

                    log.info("Binding dependencies to DI container");

                    registerDependencies(this, bootStrapConfig);

                }

                

            });

        }

        packages(true, "com.abb.rest.service");

        

        server = new Server(port);

        

        if (loginService != null)

            server.addBean(loginService);

        

        ResourceHandler resourceHandler = new ResourceHandler();

        

        resourceHandler.setDirectoriesListed(false);

        resourceHandler.setWelcomeFiles(new String[]{ "index.html" });

        resourceHandler.setResourceBase(installPath + "/html/");

                

        // Pass through for URI not needing to be secured

        Constraint passThrough = new Constraint();

passThrough.setAuthenticate(false);

        

        final ConstraintMapping insecureExemption = new ConstraintMapping();

insecureExemption.setPathSpec("/bs/*");

insecureExemption.setConstraint(passThrough);

        Constraint constraint = new Constraint();

        constraint.setName("auth");

        constraint.setAuthenticate(true);

        constraint.setRoles(new String[] { "user" });

        

        ConstraintMapping mapping = new ConstraintMapping();

        mapping.setPathSpec( "/abb/*" );

        mapping.setConstraint( constraint );

        

        ConstraintSecurityHandler security = new ConstraintSecurityHandler();        

        //security.setConstraintMappings(Collections.singletonList(mapping));

        security.setConstraintMappings(new ConstraintMapping[] { insecureExemption, mapping });

        security.setAuthenticator(new HybridAuthenticator(loginService));

        security.setLoginService(loginService);

 

        ServletContextHandler servletHandler = new ServletContextHandler(ServletContextHandler.SESSIONS);

        servletHandler.setContextPath("/abb");

        ServletHolder sh = new ServletHolder(new ServletContainer(this));

        sh.setInitOrder(1);

        sh.setInitParameter(ServerProperties.PROVIDER_PACKAGES, "com.abb.rest.service");

        sh.setInitParameter(ServerProperties.LANGUAGE_MAPPINGS, "true");

        sh.setInitParameter(ServerProperties.RESOURCE_VALIDATION_IGNORE_ERRORS, "false");

        sh.setDisplayName("REST");

        servletHandler.addServlet(sh, "/*");

                

        PostResourceHandler postResourceHandler = new PostResourceHandler();

        postResourceHandler.setDirectoriesListed(false);

        postResourceHandler.setResourceBase(installPath + "/html");

        

        LoginHandler lh = new LoginHandler(loginService);

        HandlerList secureHandlers = new HandlerList();

        secureHandlers.setHandlers(new Handler[] { servletHandler });

        

        HandlerList insecureHandlers = new HandlerList();

        insecureHandlers.setHandlers(new Handler[] { resourceHandler, postResourceHandler });

        HandlerList allHandlers = new HandlerList();

        security.setHandler(secureHandlers);

        if (loginService == null) {

            log.warn("No login handler setup!!");

            allHandlers.setHandlers(new Handler[] { lh, servletHandler, insecureHandlers });

        }

        else {

            allHandlers.setHandlers(new Handler[] { lh, security, insecureHandlers });

        }

        

        NCSARequestLog requestLog = new NCSARequestLog();

        requestLog.setFilename(installPath + "/logs/yyyy_mm_dd.request.log");

        requestLog.setFilenameDateFormat("yyyy_MM_dd");

        requestLog.setRetainDays(90);

        requestLog.setAppend(true);

        requestLog.setExtended(true);

        requestLog.setLogCookies(false);

        requestLog.setLogTimeZone("GMT");

        RequestLogHandler requestLogHandler = new RequestLogHandler();

        requestLogHandler.setRequestLog(requestLog);

        

        allHandlers.addHandler(requestLogHandler);

        

        if (loginService != null) {

            SessionIdManager idManager = new HashSessionIdManager();

            SessionHandler sessionHandler = new AbbSessionHandler();

            SessionManager sessionManager = new AbbSessionManager();

            sessionHandler.setSessionManager(sessionManager);

            sessionHandler.setHandler(allHandlers);

            sessionHandler.setServer(server);

            server.setHandler(sessionHandler);        

            server.setSessionIdManager(idManager);

        }

        else {

            server.setHandler(allHandlers);

        }

        

        log.debug("Installpath: " + installPath);

        

        server.start();

        server.dumpStdErr();

        log.info("--- Started ABB Server ---");

        

        

    }

--------------------

Mike Mazzolini

Co-founder XonaSoftware, Inc.

O: 312-881-8181

mike@xxxxxxxxxxxxxxxx

"Keep moving forward"