SessionManager (RHQ Enterprise Server JAR 4.13.0 API)

java.lang.Object
- org.rhq.enterprise.server.auth.SessionManager

```
public final class SessionManager
extends Object
```
This is the JON Server's own session ID generator. It is outside any container-provided session mechanism. Its sole purpose is to provide session IDs to logged in Subjects. It will timeout those sessions regardless of any container-provided session-timeout mechanism.
Because this is a very security-sensitive class, any public method requires the caller to have the AllowEjbAccessPermission as any other calls to the EJB layer. This is so that the malicious users can't trick the EJB layer into thinking that some users are logged in or log out other users.
Also, for security reasons, this class is final so that malicious code can't subclass it and modify its behavior.
This object is a singleton.

Method Summary

Methods
Modifier and Type	Method and Description
`static SessionManager`	`getInstance()` Return the singleton object.
`long`	`getLastAccess(int sessionId)`
`org.rhq.core.domain.auth.Subject`	`getOverlord()`
`int`	`getSessionCount()` Returns the number of sessions that are currently held by this manager.
`org.rhq.core.domain.auth.Subject`	`getSubject(int sessionId)` Returns the `Subject` associated with the given session id.
`void`	`invalidate(int sessionId)` Invalidates the session associated with the given session ID.
`void`	`invalidate(String username)` Invalidates all sessions for the given username.
`void`	`purgeTimedOutSessions()` Asks the session manager to examine all sessions and invalidate those sessions that have timed out.
`org.rhq.core.domain.auth.Subject`	`put(org.rhq.core.domain.auth.Subject subject)` Associates a `Subject` with a new session id.
`org.rhq.core.domain.auth.Subject`	`put(org.rhq.core.domain.auth.Subject subject, long timeout)` Associates a `Subject` with a new session id with the given session timeout.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Method Detail
  - getInstance
```
public static SessionManager getInstance()
```
    Return the singleton object.
    
    Returns:
    the SessionManager
  - getSessionCount
```
public int getSessionCount()
```
    Returns the number of sessions that are currently held by this manager. This count includes those sessions that may have already timed out but not yet invalidated and purged.
    
    Returns:
    total number of sessions
  - put
```
public org.rhq.core.domain.auth.Subject put(org.rhq.core.domain.auth.Subject subject)
```
    Associates a Subject with a new session id. The new session will use the default timeout.
    
    Parameters:
    subject -
    
    Returns:
    the Subject associated with session. Note, this may be a copy of the Subject passed into the method. The sessionId will be assigned.
  - put
```
public org.rhq.core.domain.auth.Subject put(org.rhq.core.domain.auth.Subject subject,
                                   long timeout)
```
    Associates a Subject with a new session id with the given session timeout.
    
    Parameters:
    subject -
    timeout - the timeout for the session, in milliseconds
    
    Returns:
    the Subject associated with session. This will be a copy of the Subject passed into the method (unless that Subject is overlord). The sessionId will be assigned.
  - getSubject
```
public org.rhq.core.domain.auth.Subject getSubject(int sessionId)
                                            throws SessionNotFoundException,
                                                   SessionTimeoutException
```
    Returns the Subject associated with the given session id.
    
    Parameters:
    sessionId - The session id
    
    Returns:
    the Subject associated with the session id
    
    Throws:
    
    SessionNotFoundException
    
    SessionTimeoutException
  - invalidate
```
public void invalidate(int sessionId)
```
    Invalidates the session associated with the given session ID.
    
    Parameters:
    sessionId - session id to invalidate
  - purgeTimedOutSessions
```
public void purgeTimedOutSessions()
```
    Asks the session manager to examine all sessions and invalidate those sessions that have timed out.
  - invalidate
```
public void invalidate(String username)
```
    Invalidates all sessions for the given username. This is for testing purposes ONLY.
    
    Parameters:
    username - username for the sessions to be invalidated
  - getLastAccess
```
public long getLastAccess(int sessionId)
```
  - getOverlord
```
public org.rhq.core.domain.auth.Subject getOverlord()
```

Class SessionManager

Method Summary

Methods inherited from class java.lang.Object

Method Detail

getInstance

getSessionCount

put

put

getSubject

invalidate

purgeTimedOutSessions

invalidate

getLastAccess

getOverlord