Class SessionController
- Since: 11.0
- Author: A. Pragt, T. Middeldorp
Constructor Summary
Constructor, Description
- SessionController(com.blueriq.component.api.IAquimaSessionsMap sessionManager, SessionService sessionService, SessionListener sessionListener, List<FlowEndedHandler> flowEndedHandlers)
Method Summary
Modifier and Type, Method, Description
- void closeSession(String sessionId): Closes a session given the session id.
- PageModel getPageModel(com.blueriq.component.api.IAquimaSession session): Returns the page model of the specified session and renews the CSRF token.
- EventResponse handleEvent(com.blueriq.component.api.IAquimaSession session, PageEvent event): Handles the specified page event and responds with an EventResponse containing occurred events.
- void keepAlive(String currentSessionId): Keeps the session alive by extending its timeout value.
- EventResponse startFlow(com.blueriq.component.api.IAquimaSession session, String flowName): Starts the flow with the specified name and responds with an EventResponse containing occurred events.
Methods inherited from class com.aquima.web.api.controller.v2.AbstractBaseController
clientParametersException, handleConversionException, handleDecisionTreeNotExposedException, handleEmptySymptomException, handleFlowEndedException, handleForbiddenException, handleFunctionValidationException, handleFunctionValidationException, handleMethodArgumentTypeMismatchException, handleRequestWardException, handleStartApplicationForbiddenException, handleStartShortcutForbiddenException, handleUnauthorizedException, handleUnknownApplicationException, handleUnknownFlowException, handleUnknownFunctionFlowException, handleUnknownLanguageException, handleUnknownModuleException, handleUnknownSessionException, handleUnknownShortcutException, handleUnsupportedOpenApiSpecException, isAuthenticated
Constructor Details
SessionController
@Autowired
public SessionController(com.blueriq.component.api.IAquimaSessionsMap sessionManager, SessionService sessionService, SessionListener sessionListener, List<FlowEndedHandler> flowEndedHandlers)
Method Details
getPageModel
@PostMapping("/session/{sessionId}/load")
@Csrf(ignore=true)
@RequestWard(validate=false)
public PageModel getPageModel(@PathVariable("sessionId") com.blueriq.component.api.IAquimaSession session)
Returns the page model of the specified session and renews the CSRF token. CSRF and Request-Ward verification is skipped for this endpoint, as the client doesn't know the current CSRF and Request-Ward tokens yet.
handleEvent
@PostMapping(path="/session/{sessionId}/event", consumes="application/json")
public EventResponse handleEvent(@PathVariable("sessionId") com.blueriq.component.api.IAquimaSession session, @RequestBody PageEvent event)
Handles the specified page event and responds with an EventResponse containing occurred events.
- Parameters:
session - The session to create an event response for.
event - The page event to handle.
- Returns:
EventResponse which contains all events that might have occurred for the specified session.
startFlow
@PostMapping("/session/{sessionId}/flow/{flowName}")
public EventResponse startFlow(@PathVariable("sessionId") com.blueriq.component.api.IAquimaSession session, @PathVariable String flowName)
Starts the flow with the specified name and responds with an EventResponse containing occurred events.
- Parameters:
session - The session id to create an event response for.
flowName - The name of the flow to start.
- Returns:
EventResponse which contains all events that might have occurred for the specified session.
keepAlive
@PostMapping("/session/{sessionId}/keepalive")
@ResponseStatus(NO_CONTENT)
@Csrf(ignore=true)
@RequestWard(validate=false, renew=false)
public void keepAlive(@PathVariable("sessionId") String currentSessionId) throws Exception
Keeps the session alive by extending its timeout value.
CSRF and Request-Ward validations and renewals are disabled for this endpoint, as keep-alive requests may occur in parallel with other requests. We don't want keep-alive requests to generate new CSRF or Request-Ward tokens.
Disabling CSRF for this endpoint is a minor security issue. A potential attacker may keep the session of the victim alive indefinitely, but the attacker needs to know the victim's HTTP session ID first. In that case we're dealing with a larger session hijacking problem.
- Parameters:
currentSessionId - the id of the session to be kept alive
- Throws:
Exception - when something goes wrong
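The keep-alive reasoning above, as an added example that is not Blueriq code: a simplified model of a per-session token renewed on every validated request, showing why a keep-alive that renewed the token would cause a request sent in parallel to be rejected. The class RotatingTokenDemo, its methods and the one-token-per-session scheme are assumptions for illustration; the page does not describe how Blueriq stores or transports its tokens.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical model, not Blueriq code: one token per session, renewed on each validated request.
public class RotatingTokenDemo {
    private static final SecureRandom RNG = new SecureRandom();
    private String current = newToken();

    private static String newToken() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Models /load: no validation (the client has no token yet), always issues a fresh token.
    synchronized String load() {
        current = newToken();
        return current;
    }

    // Models any other endpoint. Returns the token the client must use next, or null if rejected.
    synchronized String handle(String presented, boolean validate, boolean renew) {
        if (validate && (presented == null || !MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8), current.getBytes(StandardCharsets.UTF_8)))) {
            return null; // stale or missing token
        }
        if (renew) {
            current = newToken();
        }
        return current;
    }

    public static void main(String[] args) {
        // Case 1 (assumed alternative): keep-alive validates and renews like a normal request.
        RotatingTokenDemo session = new RotatingTokenDemo();
        String token = session.load();
        session.handle(token, true, true);                 // keep-alive arrives first and rotates the token
        String event = session.handle(token, true, true);  // page event sent in parallel with the same token
        System.out.println("renewing keep-alive, parallel event accepted: " + (event != null));

        // Case 2: keep-alive as documented on this page (validate=false, renew=false).
        session = new RotatingTokenDemo();
        token = session.load();
        session.handle(null, false, false);                // keep-alive leaves the token untouched
        event = session.handle(token, true, true);
        System.out.println("non-renewing keep-alive, parallel event accepted: " + (event != null));
    }
}
```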
closeSession
@PostMapping("/session/{sessionId}/close")
@ResponseStatus(NO_CONTENT)
@RequestWard(validate=false, renew=false)
public void closeSession(@PathVariable("sessionId") String sessionId)
Closes a session given the session id.
Request-ward validation and renewal are disabled, because request wards don't make sense for this endpoint. If the runtime crashes before the session is closed, the request can be repeated on a backup node with or without a request ward. If the runtime crashes after the session is closed, it is no longer possible to validate the request ward on the backup node, as there is no session anymore to validate against. In both cases, renewing the request ward doesn't make sense either, because the session no longer exists after this endpoint is called.
- Parameters:
sessionId - The session id of the session to be closed.