Package com.skava.auth.web

Class ClientSessionController

java.lang.Object

org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler

com.skava.core.security.CommonExceptionHandler

com.skava.core.errorhandler.ExceptionResponseProcessor

com.skava.auth.helper.AuthExceptionHandler

com.skava.auth.web.ClientSessionController

All Implemented Interfaces:

org.springframework.beans.factory.Aware, org.springframework.context.MessageSourceAware

@RestController
@RequestMapping("/clientsessions")
public class ClientSessionController
extends AuthExceptionHandler

This class act as a controller to handle the Authorized session manipulation for clients.
List of operations handled by this controller are

• Session create

Author:

Infosys Equinox

Field Summary

Fields inherited from class com.skava.auth.helper.AuthExceptionHandler

CONST_API_VERSION_DEFAULT, DEFAULT_LIMIT, X_TOTAL_COUNT

Fields inherited from class org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler

logger, PAGE_NOT_FOUND_LOG_CATEGORY, pageNotFoundLogger

Constructor Summary

Constructors

Constructor	Description
ClientSessionController()	The class constructor.

Method Summary

Modifier and Type	Method	Description
org.springframework.http.ResponseEntity<Object>	createSession(String version, String authToken, long storeId, String clientId, Long businessId, Long collectionId)	This service is used to create session based on given client identifier for client who have the roles.
org.springframework.http.ResponseEntity<Object>	deleteSession(String version, long storeId, String sessionId)	This service is used to remove a session using session identifier also validate session's availability in cache.

Methods inherited from class com.skava.auth.helper.AuthExceptionHandler

getValidationResponse, handleAccessDeniedException, handleResourceNotFoundException, handleRunTimeException

Methods inherited from class com.skava.core.errorhandler.ExceptionResponseProcessor

getExceptionResponse, handleExceptionInternal, handleMethodArgumentNotValid

Methods inherited from class com.skava.core.security.CommonExceptionHandler

handleExceptionInternal, handleInternalException

Methods inherited from class org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler

createProblemDetail, createResponseEntity, getMessageSource, handleAsyncRequestNotUsableException, handleAsyncRequestTimeoutException, handleConversionNotSupported, handleErrorResponseException, handleException, handleHandlerMethodValidationException, handleHttpMediaTypeNotAcceptable, handleHttpMediaTypeNotSupported, handleHttpMessageNotReadable, handleHttpMessageNotWritable, handleHttpRequestMethodNotSupported, handleMaxUploadSizeExceededException, handleMethodValidationException, handleMissingPathVariable, handleMissingServletRequestParameter, handleMissingServletRequestPart, handleNoHandlerFoundException, handleNoResourceFoundException, handleServletRequestBindingException, handleTypeMismatch, setMessageSource

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ClientSessionController

public ClientSessionController()

The class constructor.

Method Details

createSession

@PostMapping("")
@ResponseStatus(CREATED)
@Audit(action="createSession",
       repository="sessionRepository")
public org.springframework.http.ResponseEntity<Object> createSession(@RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION")
 String version,
 @RequestHeader(value="x-auth-token",required=false) @AuditField(field="AUTH_TOKEN")
 String authToken,
 @RequestHeader(value="x-store-id",required=false,defaultValue="0") @AuditField(field="STORE_ID")
 long storeId,
 @RequestParam(name="clientid",required=true) @AuditField(field="CLIENT_ID")
 String clientId,
 @RequestParam(name="businessId",required=false) @AuditField(field="BUSINESS_ID")
 Long businessId,
 @RequestHeader(value="X-Collection-Id",required=true,defaultValue="0") @AuditField(field="COLLECTION_ID")
 Long collectionId)

This service is used to create session based on given client identifier for client who have the roles.

Parameters:

version - It hold the value of version number of API. Using this parameter we can access the different version of the API. It is currently unused.

authToken - a String object. This field holds a valid authorization token generated using the Authorization microservice for an client. Auth token (JWT format) represents claims containing roles and privileges of the client accessing this API. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Since the token is a required field for this API it has to be generated before hand by invoking the /auth/sessions API provided by Authorization microservice. The output is three Base64 strings separated by dots that can be easily passed in HTML and HTTP environments, while being more compact when compared to XML-based standards such as SAML. Thus generated token has to be passed to this service and the request will be processed only if the following conditions are met:

• Token validation against the secret key
• Expiry time should be in the future
• Necessary privileges are available for the client to perform the action on the subjected resource

.

storeId - Refers to the unique identifier of the store.

clientId - a Long object. This field holds a client identifier from the client microservice for client's role manipulation. Client the entity/resource of the client microservice. Each client can have any number of roles.

businessId - a Long object. Holds a valid business identifier. A Business is typically a customer who has signed up with Infosys Equinox to launch a commerce store or a digital experience. An Infosys Equinox Commerce Instance can have multiple Businesses under which there can be multiple stores - Logical entity which binds all the services together to bring in an storefront experience.

collectionId - a Long object. This field holds a valid collection identifier of this microservice and requested operation will be performed on this collection identifier. Collection is the top most entity of a microservice under which all the other entities/resources reside. Each collection represents an instance of the microservice with configured properties and these properties can be modified to bring in a different behavior per collection of the same microservice. Store association is the process of associating a microservice collection to a store along with its respective sub-entity. This way storefront can fetch/store the required information from that respective association.

Returns:

Returns Session object which consists of session identifier, token and client identifier.

deleteSession

@DeleteMapping
@ResponseStatus(OK)
@Audit(action="deleteSession",
       repository="sessionRepository")
public org.springframework.http.ResponseEntity<Object> deleteSession(@RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION")
 String version,
 @RequestHeader(value="x-store-id",required=false,defaultValue="0") @AuditField(field="STORE_ID")
 long storeId,
 @RequestHeader(name="sessionId") @AuditField(field="SESSION_ID")
 String sessionId)

This service is used to remove a session using session identifier also validate session's availability in cache.

Parameters:

version - It hold the value of version number of API. Using this parameter we can access the different version of the API. It is currently unused.

storeId - Refers to the unique identifier of the store.

sessionId - a String object. This field holds the valid session identifier. It has to be generated before hand by invoking the /auth/sessions API provided by this microservice.

Returns:

Returns valid http status which indicate response of this service with empty response body.