Class SessionController


  • @RestController("apiSessionController")
    @RequestMapping(path="/api/v1",
                    produces="application/json")
    @ServerContext
    public class SessionController
    extends AbstractBaseController
    Controller which performs actions related to sessions, such as event subscription and flowing.
    Author:
    A. Pragt, T. Middeldorp
    • Constructor Detail

      • SessionController

        @Autowired
        public SessionController(com.blueriq.component.api.IAquimaSessionsMap sessionManager,
                                 SessionService sessionService,
                                 com.blueriq.component.api.AquimaBeanProvider aquimaProvider,
                                 com.aquima.interactions.portal.IPortalEngine portalEngine,
                                 SessionListener sessionListener)
    • Method Detail

      • subscribe

        @PostMapping("/subscription/{subscriptionId}/session/{sessionId}/load")
        @Csrf(ignore=true)
        @RequestWard(validate=false)
        public PageModel subscribe(@PathVariable("subscriptionId")
                                   com.blueriq.component.api.IAquimaSession rootSession,
                                   @PathVariable("sessionId")
                                   com.blueriq.component.api.IAquimaSession currentSession)
        Subscribes a session with the specified session id to the specified subscription. CSRF and Request-Ward verification is skipped for this endpoint, as the client doesn't know the current CSRF and Request-Ward tokens yet.
        Parameters:
        rootSession - The root session.
        currentSession - The current session.
        Returns:
        A PageModel instance with the current page contents and language settings.
      • handleEvent

        @PostMapping(path="/subscription/{subscriptionId}/session/{sessionId}/event",
                     consumes="application/json")
        public EventResponse handleEvent(@PathVariable("subscriptionId")
                                         com.blueriq.component.api.IAquimaSession rootSession,
                                         @PathVariable("sessionId")
                                         com.blueriq.component.api.IAquimaSession currentSession,
                                         @RequestBody
                                         PageEvent event)
        Handles the specified page event and responds with an EventResponse containing occurred events.
        Parameters:
        currentSession - The session to create an event response for.
        event - The page event to handle.
        Returns:
        EventResponse which contains all events that might have occurred for the specified subscription id.
      • startFlow

        @PostMapping("/subscription/{subscriptionId}/session/{sessionId}/flow/{flowName}")
        public EventResponse startFlow(@PathVariable("subscriptionId")
                                       com.blueriq.component.api.IAquimaSession rootSession,
                                       @PathVariable("sessionId")
                                       com.blueriq.component.api.IAquimaSession currentSession,
                                       @PathVariable
                                       String flowName)
        Starts the flow with the specified name and responds with an EventResponse containing occurred events.
        Parameters:
        currentSession - The session id to create an event response for.
        flowName - The name of the flow to start.
        Returns:
        EventResponse which contains all events that might have occurred for the specified subscription id.
      • keepAlive

        @Csrf(ignore=true)
        @PostMapping("/subscription/{subscriptionId}/session/{sessionId}/keepalive")
        @ResponseStatus(NO_CONTENT)
        public void keepAlive(@PathVariable("subscriptionId")
                              String rootSessionId,
                              @PathVariable("sessionId")
                              String currentSessionId)
                       throws Exception
        Keeps the session alive by extending its timeout value.

        CSRF and Request-Ward validations and renewals are disabled for this endpoint, as keep-alive requests may occur in parallel with other requests. We don't want keep-alive requests to generate new CSRF or Request-Ward tokens.

        Disabling CSRF for this endpoint is a minor security issue. A potential attacker may keep the session of the victim alive indefinitely, but the attacker needs to know the victim's HTTP session ID first. In that case we're dealing with a larger session hijacking problem.

        Parameters:
        rootSessionId - the id of the root session in the session hierarchy (not used, kept for API compatibility)
        currentSessionId - the id of the session to be kept alive
        Throws:
        Exception
      • prepareOffline

        @PostMapping("/subscription/{subscriptionId}/session/{sessionId}/offline/prepare/{taskIdString}")
        public org.springframework.http.ResponseEntity<PageModel> prepareOffline(@PathVariable("subscriptionId")
                                                                                 com.blueriq.component.api.IAquimaSession rootSession,
                                                                                 @PathVariable("sessionId")
                                                                                 com.blueriq.component.api.IAquimaSession session,
                                                                                 @PathVariable
                                                                                 String taskIdString)
      • closeSession

        @PostMapping("/subscription/{subscriptionId}/session/{sessionId}/close")
        @ResponseStatus(NO_CONTENT)
        @RequestWard(validate=false,
                     renew=false)
        public void closeSession(@PathVariable("subscriptionId")
                                 com.blueriq.component.api.IAquimaSession rootSession,
                                 @PathVariable("sessionId")
                                 String currentSessionId)
        Closes a session given the session id.

        Request-ward validation and renewal are disabled, because request wards don't make sense for this endpoint. If the runtime crashes before the session is closed, the request can be repeated on a backup node with or without a request ward. If the runtime crashes after the session is closed, it is no longer possible to validate the request ward on the backup node, as there is no session anymore to validate against. In both cases, renewing the request ward doesn't make sense either, because the session no longer exists after this endpoint is called.

        Parameters:
        rootSession - The session based on the subscription id.
        currentSessionId - The id of the session to be closed.
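
The keepAlive note above says a session can be kept alive indefinitely by keep-alive requests alone. The following is an added example, not Blueriq code, of a log check that flags sessions sustained only by `/keepalive` calls. The log line layout (`timestamp METHOD path`, ordered per session), the 8-hour threshold and the sample data are assumptions; the paths combine the class-level `/api/v1` mapping with the method mappings documented here.

```python
import re
from datetime import datetime, timedelta

# Class-level mapping "/api/v1" plus the per-method session paths from this page.
ROUTE = re.compile(
    r"^/api/v1/subscription/[^/]+/session/(?P<sid>[^/]+)/(?P<action>[a-z]+)(?:/|$)")

def keepalive_only_runs(lines, max_idle=timedelta(hours=8)):
    """Map session id -> longest stretch sustained by keepalive calls alone,
    for sessions where that stretch exceeds max_idle (assumed policy value)."""
    run_start, longest = {}, {}
    for line in lines:
        parts = line.split()
        if len(parts) < 3 or parts[1] != "POST":
            continue                      # malformed line or not a POST endpoint
        m = ROUTE.match(parts[2])
        if not m:
            continue
        ts, sid = datetime.fromisoformat(parts[0]), m["sid"]
        if m["action"] == "keepalive":
            start = run_start.setdefault(sid, ts)
            longest[sid] = max(longest.get(sid, timedelta(0)), ts - start)
        elif m["action"] == "close":
            run_start.pop(sid, None)      # session is gone after close
        else:
            run_start[sid] = ts           # load/event/flow: real activity resets the run
    return {sid: d for sid, d in longest.items() if d > max_idle}

def sample_log():
    """Constructed log: a1 is a normal short session, b2 is loaded once and
    then kept alive every 10 minutes for 12 hours with no other request."""
    t0 = datetime(2024, 5, 1, 9, 0)
    rows = [(0, "a1", "load"), (10, "a1", "keepalive"), (20, "a1", "event"),
            (30, "a1", "close"), (0, "b2", "load")]
    rows += [(10 * i, "b2", "keepalive") for i in range(1, 73)]
    return [f"{(t0 + timedelta(minutes=mins)).isoformat()} POST "
            f"/api/v1/subscription/{sid}/session/{sid}/{action}"
            for mins, sid, action in rows]

if __name__ == "__main__":
    for sid, span in keepalive_only_runs(sample_log()).items():
        print(f"session {sid}: kept alive for {span} without user activity")
```

A flagged session is a prompt to check whether an absolute session lifetime is enforced, since the keep-alive endpoint itself only extends the idle timeout.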