Module io.inverno.mod.session
Package io.inverno.mod.session.jwt

Class RedisJWTSessionStore<A,B>

java.lang.Object
io.inverno.mod.session.AbstractSessionStore<A,JWTSession<A,B>>
io.inverno.mod.session.jwt.RedisJWTSessionStore<A,B>
Type Parameters:
A - the session data type
B - the stateless session data type
All Implemented Interfaces:
JWTSessionStore<A,B>, SessionStore<A,JWTSession<A,B>>
public class RedisJWTSessionStore<A,B> extends AbstractSessionStore<A,JWTSession<A,B>> implements JWTSessionStore<A,B>

A JWT session store implementation that stores sessions and their stateful data in a Redis data store.

Only stateful session data are stored in Redis as JSON strings and set to expire (pexpire when maximum inactive interval is set or pexpireat when explicit expiration time is set), other session attributes as well as stateless session data are stored in the JWT session id. Expiration time includes a two minutes buffer in order to make sure session data are still available to the limits.

Expiration due to inactivity is evaluated based on the session Redis key idle time which is rounded to the second, therefore expiration is also precise to the second. This is also true when an explicit expiration time is set because this is stored in JWT expiration time claim which is also precise to the second, the specified value being rounded to the lowest integer when generating the JWT session id.

Session data are stored as JSON strings, as a result the session data type must be defined in a way that enables an object mapper to read and write data.

This implementation uses a SessionDataSaveStrategy to determine whether resolved session data should be saved along with the session.

Since:
1.13
Author:
Jeremy Kuhn

  • Field Details

  • Method Details

    • builder

      public static <A, B> RedisJWTSessionStore.Builder<A,B> builder(JWTSessionIdGenerator<A,B> sessionIdGenerator, RedisClient<String,String> redisClient, com.fasterxml.jackson.databind.ObjectMapper mapper, Class<A> sessionDataType, Class<B> statelessSessionDataType)

      Creates a Redis JWT session store builder.

      Type Parameters:
      A - the session data type
      B - the stateless session data type
      Parameters:
      sessionIdGenerator - a JWT session id generator
      redisClient - a Redis client
      mapper - an object mapper
      sessionDataType - the session data type
      statelessSessionDataType - the stateless session data type
      Returns:
      a Redis JWT session store builder

    • builder

      public static <A, B> RedisJWTSessionStore.Builder<A,B> builder(JWTSessionIdGenerator<A,B> sessionIdGenerator, RedisClient<String,String> redisClient, com.fasterxml.jackson.databind.ObjectMapper mapper, Type sessionDataType, Type statelessSessionDataType)

      Creates a Redis JWT session store builder.

      Type Parameters:
      A - the session data type
      B - the stateless session data type
      Parameters:
      sessionIdGenerator - a JWT session id generator
      redisClient - a Redis client
      mapper - an object mapper
      sessionDataType - the session data type
      statelessSessionDataType - the stateless session data type
      Returns:
      a Redis JWT session store builder

    • getKeyPrefix

      public String getKeyPrefix()

      Returns the session Redis key prefix.

      Returns:
      the session key prefix

    • getSessionIdGenerator

      public JWTSessionIdGenerator<A,B> getSessionIdGenerator()
      Description copied from class: AbstractSessionStore

      Returns the session id generator.

      Overrides:
      getSessionIdGenerator in class AbstractSessionStore<A,JWTSession<A,B>>
      Returns:
      the session id generator

    • create

      public Mono<JWTSession<A,B>> create()
      Description copied from interface: SessionStore

      Creates a new session in the session store.

      This shall physically create a new session in the data store.

      Specified by:
      create in interface SessionStore<A,B>
      Returns:
      a mono for creating a session

    • get

      public Mono<JWTSession<A,B>> get(String sessionId)
      Description copied from interface: SessionStore

      Returns the session identified by the specified session id.

      Specified by:
      get in interface SessionStore<A,B>
      Parameters:
      sessionId - a session id
      Returns:
      a mono emitting the session or an empty mono if no session exists with the specified identifier

    • getData

      public Mono<A> getData(String sessionId)
      Description copied from interface: SessionStore

      Returns the data of the session identified by the specified session id.

      Specified by:
      getData in interface SessionStore<A,B>
      Parameters:
      sessionId - a session id
      Returns:
      a mono emitting the session data or an empty mono if no session exists with specified identifier or if a session exists which does not define any data

    • getDataByTokenId

      public Mono<A> getDataByTokenId(String tokenId)
      Description copied from interface: JWTSessionStore

      Returns the data of the session identified by the specified JWT token identifier (i.e. JTI).

      Specified by:
      getDataByTokenId in interface JWTSessionStore<A,B>
      Parameters:
      tokenId - the JWT token identifier extracted from the JWT session id claims set
      Returns:
      a mono emitting the session data or an empty mono if no session exists with specified identifier or if a session exists which does not define any data

    • move

      public Mono<Void> move(String sessionId, String newSessionId) throws IllegalStateException
      Description copied from interface: SessionStore

      Moves the session identified by the specified identifier to a new identifier.

      Specified by:
      move in interface SessionStore<A,B>
      Parameters:
      sessionId - a session id
      newSessionId - a new session id
      Returns:
      a mono for moving a session
      Throws:
      IllegalStateException - if there is no session with the specified identifier or if a session already exists at the specified new identifier

    • moveByTokenId

      public Mono<Void> moveByTokenId(String tokenId, JOSEObject<JWTClaimsSet,?> newSessionJWT) throws IllegalStateException
      Description copied from interface: JWTSessionStore

      Moves the session identified by the specified JWT token identifier to the specified JWT session identifier.

      Specified by:
      moveByTokenId in interface JWTSessionStore<A,B>
      Parameters:
      tokenId - a JWT token identifier
      newSessionJWT - a new JWT session identifier
      Returns:
      a mono for moving a session
      Throws:
      IllegalStateException - if there is no session with the specified identifier or if a session already exists at the specified new identifier

    • remove

      public Mono<Void> remove(String sessionId)
      Description copied from interface: SessionStore

      Removes the session identified by the specified identifier.

      Specified by:
      remove in interface SessionStore<A,B>
      Parameters:
      sessionId - a session id
      Returns:
      a mono for removing a session

    • removeByTokenId

      public Mono<Void> removeByTokenId(String tokenId)
      Description copied from interface: JWTSessionStore

      Removes the session identified by the specified JWT token identifier (i.e. JTI).

      Specified by:
      removeByTokenId in interface JWTSessionStore<A,B>
      Parameters:
      tokenId - the JWT token identifier extracted from the JWT session id claims set
      Returns:
      a mono for removing a session

    • save

      public Mono<Void> save(JWTSession<A,B> session) throws IllegalArgumentException, IllegalStateException
      Description copied from interface: SessionStore

      Saves the specified session.

      Whether resolved session data are saved along with the session is implementation specific. Implementors must however at least guarantee that data that is explicitly set on a session using Session.setData(Object) are saved.

      Specified by:
      save in interface SessionStore<A,B>
      Parameters:
      session - a session
      Returns:
      a mono for saving a session
      Throws:
      IllegalArgumentException - if the specified session does not originate from this session store
      IllegalStateException - if the specified session does not exist in the store or if it was invalidated