org.jwall.web.audit.session
Class AbstractSessionTracker

java.lang.Object
  extended by org.jwall.web.audit.session.AbstractSessionTracker
All Implemented Interfaces:
EventListener<AuditEvent>, AuditEventListener, SessionTracker
Direct Known Subclasses:
CookieSessionTracker, HeuristicSessionTracker

public abstract class AbstractSessionTracker
extends Object
implements SessionTracker

This class is an abstract implementation of a simple session tracker and provides the basis for the trackers HeuristicSessionTracker and CookieSessionTracker.

Author:
Christian Bockermann <chris@jwall.org>

Constructor Summary
AbstractSessionTracker()
          This creates a new instance of this class which is based on the default timeout of 2 hours ( = 7200000 ms ).
AbstractSessionTracker(long timeout)
          This initializes the tracker with the given session-timeout.
 
Method Summary
 void eventArrived(AuditEvent event)
          This method tracks an AuditEvent object and creates a session if none existed yet.
 void eventsArrived(Collection<AuditEvent> events)
          This method is called for notifying the listener of arrival of several events in a block.
abstract  String extractKey(AuditEvent evt)
          This method extracts the key-feature from an event which is used to identify the session that this event is related to.
 Session getSession(String sessionId)
          This method returns the session with the given session-id.
 Collection<Session> getSessions()
          This method returns all the sessions (active and timed-out) that have been created by the session-tracker.
 long getSessionTimeOut()
          Returns the session-timeout that is used by this tracker.
 boolean isExpired(Session s, AuditEvent event)
          This method is used to check a session for expiration according to the date of the given audit-event.
 void reset()
          This method simply resets the session-tracker to the initial state which holds no sessions.
 void setSessionTimeOut(long s)
          This method is used to set the session-timeout.
 void setStrictSessions(boolean b)
          In a strict session the session-id is presumed to be created by the server-side application.
 String toString()
          This method returns a string of all events grouped by their session-id.
 boolean usesStrictSessions()
          Returns true, if the tracker only produces strict sessions.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

AbstractSessionTracker

public AbstractSessionTracker()
This creates a new instance of this class which is based on the default timeout of 2 hours ( = 7200000 ms ).


AbstractSessionTracker

public AbstractSessionTracker(long timeout)
This initializes the tracker with the given session-timeout.

Parameters:
timeout - The session-timeout in seconds.

Method Detail

eventArrived

public void eventArrived(AuditEvent event)
This method tracks an AuditEvent object and creates a session if none existed yet. Otherwise the existing session is touched.

Specified by:
eventArrived in interface EventListener<AuditEvent>
Specified by:
eventArrived in interface AuditEventListener
Specified by:
eventArrived in interface SessionTracker
Parameters:
event - The AuditEvent instance that is to be associated with a session.

eventsArrived

public void eventsArrived(Collection<AuditEvent> events)
Description copied from interface: AuditEventListener
This method is called for notifying the listener of arrival of several events in a block. Usually, this method is implemented by calling AuditEventListener.eventArrived(AuditEvent) for each of the given events, but may be handled in a more efficient way by implementations capable of processing blocks of events.

Specified by:
eventsArrived in interface AuditEventListener
Parameters:
events - The block of events arrived.

getSession

public Session getSession(String sessionId)
This method returns the session with the given session-id.

Specified by:
getSession in interface SessionTracker
Parameters:
sessionId - The id of the session that is to be retrieved.
Returns:
The appropriate session if it is still active or null if the session is inactive or does not exist at all.

getSessions

public Collection<Session> getSessions()
This method returns all the sessions (active and timed-out) that have been created by the session-tracker.

Specified by:
getSessions in interface SessionTracker
Returns:
A collection of session instances.

reset

public void reset()
This method simply resets the session-tracker to the initial state which holds no sessions.

Specified by:
reset in interface SessionTracker

isExpired

public boolean isExpired(Session s,
                         AuditEvent event)
This method is used to check a session for expiration according to the date of the given audit-event.

Parameters:
s - The session that is to be checked.
event - The event which defines the current date.
Returns:
true if the session's last access-time is no longer than a period of X seconds away from the event's date. Here X is the session-timeout defined for this session-tracker.

setSessionTimeOut

public void setSessionTimeOut(long s)
This method is used to set the session-timeout. Modification of the timeout does not affect any of the sessions created so far.

Specified by:
setSessionTimeOut in interface SessionTracker
Parameters:
s - The number of seconds after which a session is to be timed out.

getSessionTimeOut

public long getSessionTimeOut()
Returns the session-timeout that is used by this tracker.

Specified by:
getSessionTimeOut in interface SessionTracker
Returns:
The number of seconds that a session is kept active without any events related to it.

setStrictSessions

public void setStrictSessions(boolean b)
In a strict session the session-id is presumed to be created by the server-side application. Thus only sessions for which the server responded with a session identifier are assumed to be valid. This prevents the tracker from trusting requests that belong to a simple session-guessing attack.

Specified by:
setStrictSessions in interface SessionTracker
Parameters:
b - Whether this tracker should only track strict sessions.
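
The strict-session rule described above, as an added example that is not part of the jwall code base: a self-contained tracker that accepts a client-presented session-id only if the server issued it earlier, and measures expiry against the event's own timestamp. StrictTrackerDemo and Event are hypothetical stand-ins for the org.jwall.web.audit types; rejecting a timed-out id in strict mode is an assumption of this example.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Added illustration; hypothetical types, not the org.jwall.web.audit classes.
public class StrictTrackerDemo {
    // Constructed minimal event: timestamp, session-id sent by the client (or null),
    // session-id issued by the server in its response (or null).
    record Event(long timeMs, String requestSid, String issuedSid) {}

    private final Map<String, Long> lastAccess = new HashMap<>(); // id -> last event time
    private final long timeoutMs;
    private final boolean strict;

    StrictTrackerDemo(long timeoutMs, boolean strict) {
        this.timeoutMs = timeoutMs;
        this.strict = strict;
    }

    /** Returns the session-id the event is attributed to, or null if it is rejected. */
    String track(Event e) {
        // An id issued by the server always opens (or refreshes) a session.
        if (e.issuedSid() != null) {
            lastAccess.put(e.issuedSid(), e.timeMs());
            return e.issuedSid();
        }
        String sid = e.requestSid();
        if (sid == null) return null;
        Long last = lastAccess.get(sid);
        // Expiry is judged by the event's date, not by the wall clock,
        // so replaying an old audit log gives the same result.
        boolean expired = last != null && e.timeMs() - last > timeoutMs;
        if ((last == null || expired) && strict) {
            // The server never issued this id, or it has lapsed: do not trust it.
            lastAccess.remove(sid);
            return null;
        }
        lastAccess.put(sid, e.timeMs()); // touch the existing (or non-strict new) session
        return sid;
    }

    public static void main(String[] args) {
        StrictTrackerDemo t = new StrictTrackerDemo(7_200_000L, true);
        List<Event> log = List.of(               // constructed sample events
            new Event(0L, null, "A1"),           // server issues A1
            new Event(60_000L, "A1", null),      // client presents A1
            new Event(61_000L, "GUESS", null),   // client presents an id never issued
            new Event(8_000_000L, "A1", null));  // A1 again, over 2 h after last access
        for (Event e : log) System.out.println(e + " -> " + t.track(e));
    }
}
```

With strict set to false the same input attributes the third event to a new session keyed by the client-chosen id, which is the behaviour strict mode exists to prevent.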

usesStrictSessions

public boolean usesStrictSessions()
Description copied from interface: SessionTracker
Returns true, if the tracker only produces strict sessions.

Specified by:
usesStrictSessions in interface SessionTracker
Returns:
Whether the tracker is using strict sessioning only.

extractKey

public abstract String extractKey(AuditEvent evt)
This method extracts the key-feature from an event which is used to identify the session that this event is related to. This might be the remote-address, a special request-parameter or a cookie.

Parameters:
evt - The event from which to extract the session-id.
Returns:
A string that identifies the session associated with this event.

toString

public String toString()
This method returns a string of all events grouped by their session-id.

Overrides:
toString in class Object
Returns:
A string holding all sessions


Copyright © 2012 jwall.org. All Rights Reserved.