OMERO sessions
OMERO sessions simplifies the handling of login sessions for OMERO.blitz.
In short:
Sessions are a replacement for the standard JavaEE security infrastructure.
Sessions unify the Blitz and RMI session handling, making working with Java RMI more like Blitz (since the JavaEE interaction is essentially “conversationless”).
Sessions provide the ability (especially in Blitz) to quit a session and rejoin it later as long as it has not timed out, possibly useful for moving from one machine to another.
Sessions provide the ability to share the same space. Two users/clients attached to the same session would experience the same life-cycle.
Sessions provide a scratch space to which any data can be written for and by job/script executions.
Sessions act as a global cache (in memory or on disk) to speed up various server tasks, including login. With further extensions like http://terracotta.org/, sessions could serve as a “distributed” cache.
Sessions prevent sending passwords in plain text or any other form. After that, all session interactions take place via a shared secret key.
Design
All services other than ISession
, assume that a user is logging in with
a username equal to session uuid. Whereas previously one logged in with:
ome.system.Principal p = new ome.system.Principal("josh","user","User");
behind the scenes, now the “josh” value is replaced by the UUID of a
ome.model.meta.Session
instance.
The session is acquired by a call to:
ome.api.ISession.createSession(Principal princpal, String credentials);
and carries information related to the current user’s session.
Session session;
session.getUuid(); // Unique identifier; functions as a temporary password. DO NOT SHARE IT.
session.getTimeToIdle(); // Number of milliseconds which the user can idle without session timeout
session.getTimeToLive(); // Total number of milliseconds for which the session can live
session.getStarted(); // Start of session
session.getClosed(); // if != null, then session is closed
These properties cannot be modified.
Other properties are for use by clients:
session.getMessage(); // General purpose message statement
session.getAgent(); // Can be used to specify which program the user is using
session.getDefaultEventType(); // Default event type (the third argument "User" to Principal above)
session.getDefaultPermissions(); // String representation of umask (e.g. "rw----")
After changing a property on the session returned by createSession()
it is possible to save them to the server via:
ome.api.ISession.updateSession(Session);
Finally, when finished, to conserve resources it is possible to destroy the session via:
ome.api.ISession.closeSession(Session);
Existing sessions
In OMERO.blitz, it is possible to reacquire the session if it is still active, by passing the previous session UUID as your password (User principal is ignored).
client = omero.client()
servicefactory = client.createSession()
iadmin = servicefactory.getAdminService()
olduuid = iadmin.getEventContext().sessionUuid
// lose connection
client = omero.client()
servicefactory = client.createSession(omero.sys.Principal(), olduuid)
// now reattached
See also