Package com.skava.auth.web
Class SessionController

java.lang.Object
  org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler
    com.skava.core.security.CommonExceptionHandler
      com.skava.core.errorhandler.ExceptionResponseProcessor
        com.skava.auth.helper.AuthExceptionHandler
          com.skava.auth.web.SessionController

All Implemented Interfaces:
org.springframework.beans.factory.Aware, org.springframework.context.MessageSourceAware

@RestController
@RequestMapping("/sessions")
public class SessionController
extends AuthExceptionHandler
This class acts as a controller that handles manipulation of authorized sessions.
Operations handled by this controller:
- Create session
- Retrieve session
- Remove session

Author:
Infosys Equinox
Field Summary

Fields inherited from class com.skava.auth.helper.AuthExceptionHandler
CONST_API_VERSION_DEFAULT, DEFAULT_LIMIT, X_TOTAL_COUNT

Fields inherited from class org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler
logger, PAGE_NOT_FOUND_LOG_CATEGORY, pageNotFoundLogger

Constructor Summary

Constructors
SessionController()
    The class constructor.
Method Summary

org.springframework.http.ResponseEntity<Object> createSession(String version, String authToken, long storeId, Long userId, String bearerToken, boolean isGuest, Long businessId, Long collectionId, boolean isDeleteAllSessions)
    Creates a session for the given user identifier, for a user who holds the required roles.

org.springframework.http.ResponseEntity<Object> deleteSession(String version, long storeId, String sessionId, boolean isAllSessionClear)
    Removes a session by its session identifier, after validating that the session is available in the cache.

org.springframework.http.ResponseEntity<Object> getSession(String version, long storeId, String sessionId)
    Retrieves the session details for the given session identifier, after validating that identifier.

org.springframework.http.ResponseEntity<Object> refreshSession(String version, String sessionId, SessionRefresh refreshRequest)
    Extends the current session and provides a new authToken (refresh).

Methods inherited from class com.skava.auth.helper.AuthExceptionHandler
getValidationResponse, handleAccessDeniedException, handleResourceNotFoundException, handleRunTimeException
Methods inherited from class com.skava.core.errorhandler.ExceptionResponseProcessor
getExceptionResponse, handleExceptionInternal, handleMethodArgumentNotValid
Methods inherited from class com.skava.core.security.CommonExceptionHandler
handleExceptionInternal, handleInternalException
Methods inherited from class org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler
createProblemDetail, createResponseEntity, getMessageSource, handleAsyncRequestNotUsableException, handleAsyncRequestTimeoutException, handleConversionNotSupported, handleErrorResponseException, handleException, handleHandlerMethodValidationException, handleHttpMediaTypeNotAcceptable, handleHttpMediaTypeNotSupported, handleHttpMessageNotReadable, handleHttpMessageNotWritable, handleHttpRequestMethodNotSupported, handleMaxUploadSizeExceededException, handleMethodValidationException, handleMissingPathVariable, handleMissingServletRequestParameter, handleMissingServletRequestPart, handleNoHandlerFoundException, handleNoResourceFoundException, handleServletRequestBindingException, handleTypeMismatch, setMessageSource

Constructor Details

SessionController

public SessionController()
    The class constructor.

Method Details

createSession

@PostMapping("")
@ResponseStatus(CREATED)
@Audit(action="createSession", repository="sessionRepository")
public org.springframework.http.ResponseEntity<Object> createSession(
    @RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version,
    @RequestHeader(value="x-auth-token",required=false) @AuditField(field="AUTH_TOKEN") String authToken,
    @RequestHeader(value="x-store-id",required=false,defaultValue="0") @AuditField(field="STORE_ID") long storeId,
    @RequestParam(name="userid",required=true) @AuditField(field="USER_ID") Long userId,
    @RequestParam(name="bearerToken",required=false) @AuditField(field="BEARER_TOKEN") String bearerToken,
    @RequestParam(name="isGuest",required=false) @AuditField(field="IS_GUEST") boolean isGuest,
    @RequestParam(name="businessId",required=false) @AuditField(field="BUSINESS_ID") Long businessId,
    @RequestHeader(value="X-Collection-Id",required=true,defaultValue="0") @AuditField(field="COLLECTION_ID") Long collectionId,
    @RequestParam(value="isDeleteAllSessions",required=false,defaultValue="false") @AuditField(field="isDeleteAllSessions") boolean isDeleteAllSessions)

This service creates a session for the given user identifier, for a user who holds the required roles. It can also be used to create a token for a storefront user with predefined roles, controlled by the isGuest flag.

Parameters:
version - Holds the version number of the API; different versions of the API can be accessed through this parameter. It is currently unused.
authToken - A String object. This field holds a valid authorization token generated for a user by the Authorization microservice. The auth token (JWT format) represents claims containing the roles and privileges of the user accessing this API. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way of securely transmitting information between parties as a JSON object. Since the token is a required field for this API, it has to be generated beforehand by invoking the /auth/sessions API provided by the Authorization microservice. The output is three Base64 strings separated by dots, which can be passed easily in HTML and HTTP environments and is more compact than XML-based standards such as SAML. The generated token has to be passed to this service, and the request is processed only if all of the following conditions are met:
  - the token validates against the secret key
  - the expiry time is in the future
  - the user holds the privileges necessary to perform the action on the target resource
storeId - Refers to the unique identifier of the store.
userId - A Long object. This field holds a user identifier from the User microservice, used for manipulating the user's roles. User is the entity/resource of the User microservice; each user can have any number of roles.
bearerToken - A String object. Holds a valid bearer token value generated by the user's authentication service, which validates the user's identity and password.
isGuest - A Boolean object. Holds a flag used for role distinction when generating a storefront user's token.
businessId - A Long object. Holds a valid business identifier. A Business is typically a customer who has signed up with Infosys Equinox to launch a commerce store or a digital experience. An Infosys Equinox Commerce Instance can have multiple Businesses, each of which can have multiple stores. A store is the logical entity that binds all the services together to provide a storefront experience.
collectionId - A Long object. This field holds a valid collection identifier of this microservice; the requested operation is performed on this collection. A collection is the topmost entity of a microservice, under which all the other entities/resources reside. Each collection represents an instance of the microservice with configured properties, and these properties can be modified to give each collection of the same microservice a different behavior. Store association is the process of associating a microservice collection with a store, along with its respective sub-entities, so that the storefront can fetch and store the required information through that association.
Returns:
A Session object consisting of the session identifier, token and user identifier.

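The three acceptance conditions listed for the x-auth-token (signature against the secret key, expiry in the future, required privilege present), shown as an added illustration that is not the Authorization microservice's own code. It assumes the token is HS256-signed with a shared secret and that the privileges sit in a "roles" claim; both are assumptions, as is the demo secret. The check pins the expected algorithm instead of trusting the token's own alg header, and compares signatures in constant time. A production service would use a JWT library rather than the regex claim extraction used here.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Illustrates the three token conditions above. HS256 and the "roles" claim name are assumptions. */
public final class AuthTokenCheck {
    private static final Pattern ALG = Pattern.compile("\"alg\"\\s*:\\s*\"([^\"]+)\"");
    private static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)");
    private static final Pattern ROLES = Pattern.compile("\"roles\"\\s*:\\s*\\[([^\\]]*)\\]");

    /** Returns null when the token is acceptable, otherwise the reason it was rejected. */
    public static String reject(String token, byte[] secret, String requiredRole, Instant now) {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) return "token must have exactly three dot-separated parts";
        Base64.Decoder b64 = Base64.getUrlDecoder();
        String header, payload;
        byte[] sig;
        try {
            header = new String(b64.decode(parts[0]), StandardCharsets.UTF_8);
            payload = new String(b64.decode(parts[1]), StandardCharsets.UTF_8);
            sig = b64.decode(parts[2]);
        } catch (IllegalArgumentException e) {
            return "token is not valid base64url";
        }
        // Condition 1: signature against the secret key. The algorithm is pinned;
        // a token announcing "none" or another alg is rejected before any crypto runs.
        Matcher alg = ALG.matcher(header);
        if (!alg.find() || !"HS256".equals(alg.group(1))) return "unexpected alg";
        byte[] expected = hmacSha256(secret, parts[0] + "." + parts[1]);
        if (!MessageDigest.isEqual(expected, sig)) return "signature mismatch";
        // Condition 2: exp must lie in the future; a token without exp is rejected.
        Matcher exp = EXP.matcher(payload);
        if (!exp.find()) return "missing exp claim";
        if (Instant.ofEpochSecond(Long.parseLong(exp.group(1))).isBefore(now)) return "token expired";
        // Condition 3: the caller must hold the role required for this resource.
        Matcher roles = ROLES.matcher(payload);
        if (!roles.find()) return "missing roles claim";
        Set<String> held = new HashSet<>();
        for (String r : roles.group(1).split(",")) held.add(r.trim().replace("\"", ""));
        if (!held.contains(requiredRole)) return "missing role " + requiredRole;
        return null;
    }

    static byte[] hmacSha256(byte[] key, String data) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Builds a signed demo token; constructed sample input, not a real credential. */
    static String sign(String payloadJson, byte[] secret) {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String h = enc.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String p = enc.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        return h + "." + p + "." + enc.encodeToString(hmacSha256(secret, h + "." + p));
    }

    public static void main(String[] args) {
        byte[] secret = "demo-secret-not-for-production".getBytes(StandardCharsets.UTF_8); // constructed
        Instant now = Instant.now();
        long future = now.plusSeconds(600).getEpochSecond();
        long past = now.minusSeconds(600).getEpochSecond();
        String ok = sign("{\"sub\":\"42\",\"exp\":" + future + ",\"roles\":[\"SESSION_ADMIN\"]}", secret);
        String expired = sign("{\"sub\":\"42\",\"exp\":" + past + ",\"roles\":[\"SESSION_ADMIN\"]}", secret);
        String tampered = ok.substring(0, ok.lastIndexOf('.') + 1) + "AAAA"; // signature replaced
        System.out.println("valid    -> " + reject(ok, secret, "SESSION_ADMIN", now));
        System.out.println("expired  -> " + reject(expired, secret, "SESSION_ADMIN", now));
        System.out.println("tampered -> " + reject(tampered, secret, "SESSION_ADMIN", now));
        System.out.println("no role  -> " + reject(ok, secret, "OTHER_ROLE", now));
    }
}
```

The order of the checks matters: the signature is verified before any claim is read, so neither the expiry nor the role decision is ever taken on a payload the caller could have altered.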
refreshSession

@PatchMapping
@Audit(action="refreshSession", repository="sessionRepository")
public org.springframework.http.ResponseEntity<Object> refreshSession(
    @RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version,
    @RequestHeader(name="sessionId") @AuditField(field="SESSION_ID") String sessionId,
    @RequestBody(required=false) SessionRefresh refreshRequest)

This API extends the current session and provides a new authToken (refresh). The session creation API (POST /Session) returns a refreshToken for the newly created session, which is the input to this API. This API validates the session identifier in the request path and the refresh token passed as a query parameter; if both are valid, the session is extended by the time configured in the collection property 'authExpiryTimeMins'. On extending the current session, this API returns a new refresh token, which is used for further refreshes. The expiry time of the newly created refresh token is configured in the collection property 'refreshTokenExpiryTimeMins'; the default expiry time is 240 minutes.

Parameters:
version - Holds the version number of the API; different versions of the API can be accessed through this parameter. It is currently unused.
sessionId - A String object. This field holds a valid session identifier. It has to be generated beforehand by invoking the /auth/sessions API provided by this microservice.
refreshRequest - A SessionRefresh object. Holds the valid session token.
Returns:
A Session object consisting of the session identifier, token and user identifier.

getSession

@GetMapping
@Audit(action="getSession", repository="sessionRepository")
public org.springframework.http.ResponseEntity<Object> getSession(
    @RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version,
    @RequestHeader(value="x-store-id",required=false,defaultValue="0") @AuditField(field="STORE_ID") long storeId,
    @RequestHeader(name="sessionId") @AuditField(field="SESSION_ID") String sessionId)

This service retrieves the session details for the given session identifier and also validates the requested session identifier. The session's token/id is mandatory for accessing many of the services; the session token and identifier can be obtained from the auth/session service.

Parameters:
version - Holds the version number of the API; different versions of the API can be accessed through this parameter. It is currently unused.
storeId - Refers to the unique identifier of the store.
sessionId - A String object. This field holds a valid session identifier. It has to be generated beforehand by invoking the /auth/sessions API provided by this microservice.
Returns:
A SessionVO object. The response body consists of the session identifier, token and user identifier.

deleteSession

@DeleteMapping
@Audit(action="deleteSession", repository="sessionRepository")
public org.springframework.http.ResponseEntity<Object> deleteSession(
    @RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version,
    @RequestHeader(value="x-store-id",required=false,defaultValue="0") @AuditField(field="STORE_ID") long storeId,
    @RequestHeader(name="sessionId") @AuditField(field="SESSION_ID") String sessionId,
    @RequestHeader(value="isAllSessionClear",required=false,defaultValue="false") @AuditField(field="isAllSessionClear") boolean isAllSessionClear)

This service removes a session by its session identifier and also validates that the session is available in the cache.

Parameters:
version - Holds the version number of the API; different versions of the API can be accessed through this parameter. It is currently unused.
storeId - Refers to the unique identifier of the store.
sessionId - A String object. This field holds a valid session identifier. It has to be generated beforehand by invoking the /auth/sessions API provided by this microservice.
Returns:
A valid HTTP status indicating the result of this service, with an empty response body.
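The full session lifecycle against this controller (create, get, refresh, delete), as an added client example that is not part of the project. The header names, query parameters, default x-version and the 201 status on create are taken from the annotated signatures above; note that those signatures carry sessionId as a request header and the refresh token in the request body, and the example follows the signatures rather than the prose. The base URL, the store and collection ids, and the JSON field names sessionId and refreshToken in the request body and responses are assumptions.

```java
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Client walk-through of SessionController: create -> get -> refresh -> delete.
 * Header and query-parameter names come from the annotated signatures; the JSON
 * field names (sessionId, refreshToken) and the ids passed in main are assumptions.
 */
public final class SessionLifecycleClient {
    private static final String API_VERSION = "8.19.7";   // default value of the x-version header

    private final HttpClient http = HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(5)).build();
    private final String baseUrl;        // e.g. https://auth.example.invalid (assumed)
    private final long storeId;
    private final long collectionId;

    SessionLifecycleClient(String baseUrl, long storeId, long collectionId) {
        this.baseUrl = baseUrl;
        this.storeId = storeId;
        this.collectionId = collectionId;
    }

    /** Headers every SessionController endpoint declares: x-version and x-store-id. */
    private HttpRequest.Builder base(String query) {
        return HttpRequest.newBuilder(URI.create(baseUrl + "/sessions" + query))
                .timeout(Duration.ofSeconds(10))
                .header("x-version", API_VERSION)
                .header("x-store-id", Long.toString(storeId));
    }

    /** POST /sessions: userid is a required query parameter, X-Collection-Id a required header. */
    HttpResponse<String> create(String authToken, long userId, boolean isGuest) throws Exception {
        HttpRequest req = base("?userid=" + userId + "&isGuest=" + isGuest)
                .header("x-auth-token", authToken)     // JWT issued by the Authorization microservice
                .header("X-Collection-Id", Long.toString(collectionId))
                .POST(HttpRequest.BodyPublishers.noBody())
                .build();
        return http.send(req, HttpResponse.BodyHandlers.ofString());
    }

    /** GET /sessions: the session identifier travels in the sessionId header. */
    HttpResponse<String> get(String sessionId) throws Exception {
        return http.send(base("").header("sessionId", sessionId).GET().build(),
                HttpResponse.BodyHandlers.ofString());
    }

    /** PATCH /sessions: sessionId header plus a SessionRefresh body carrying the refresh token. */
    HttpResponse<String> refresh(String sessionId, String refreshToken) throws Exception {
        String body = "{\"refreshToken\":\"" + refreshToken + "\"}";   // field name assumed
        HttpRequest req = base("")
                .header("sessionId", sessionId)
                .header("Content-Type", "application/json")
                .method("PATCH", HttpRequest.BodyPublishers.ofString(body))  // HttpRequest has no PATCH() shortcut
                .build();
        return http.send(req, HttpResponse.BodyHandlers.ofString());
    }

    /** DELETE /sessions: sessionId header; isAllSessionClear defaults to false on the server side. */
    HttpResponse<String> delete(String sessionId, boolean allSessions) throws Exception {
        HttpRequest req = base("")
                .header("sessionId", sessionId)
                .header("isAllSessionClear", Boolean.toString(allSessions))
                .DELETE()
                .build();
        return http.send(req, HttpResponse.BodyHandlers.ofString());
    }

    /** Pulls one string field out of a JSON body without a JSON library (sufficient for the demo). */
    static String field(String json, String name) {
        Matcher m = Pattern.compile("\"" + name + "\"\\s*:\\s*\"([^\"]*)\"").matcher(json);
        if (!m.find()) throw new IllegalStateException("field " + name + " not in response");
        return m.group(1);
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 3) {
            System.err.println("usage: SessionLifecycleClient <baseUrl> <authToken> <userId>");
            return;
        }
        SessionLifecycleClient c = new SessionLifecycleClient(args[0], 1L, 1L);   // store/collection ids assumed
        HttpResponse<String> created = c.create(args[1], Long.parseLong(args[2]), false);
        if (created.statusCode() != 201) throw new IllegalStateException("create failed: " + created.statusCode());
        String sessionId = created.body().isEmpty() ? "" : field(created.body(), "sessionId");
        String refreshToken = field(created.body(), "refreshToken");

        System.out.println("get     -> " + c.get(sessionId).statusCode());
        HttpResponse<String> refreshed = c.refresh(sessionId, refreshToken);
        System.out.println("refresh -> " + refreshed.statusCode());
        // Each refresh returns a new refresh token; keep only that one for the next refresh.
        String nextRefreshToken = field(refreshed.body(), "refreshToken");
        System.out.println("delete  -> " + c.delete(sessionId, false).statusCode());
    }
}
```

The tokens are passed to the client as arguments and are never written to the log; only status codes are printed, which is the habit to keep when scripting against an authentication service.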