vjkoskela
commented
5 years ago Here's a link to the Play session management APIs:
https://www.playframework.com/documentation/2.6.x/JavaSessionFlash
Open vjkoskela opened 5 years ago
vjkoskela
commented
5 years ago Here's a link to the Play session management APIs:
https://www.playframework.com/documentation/2.6.x/JavaSessionFlash
There are two use cases for obtaining an
Organization:1) For an API call in a controller. (e.g. AlertController) 2) For a back-end organization-agnostic component. (e.g. JobCoordinator)
At the moment we have an
OrganizationRepositorywhich combines these two use cases. However, there should be a separation of translating "session" state into anOrganizationvs looking-up or scanning from a repository (MP specific or external).All this should be kept light-weight and extensible to allow MP clients to plug-in appropriate external systems or to integrate MP itself into another product leveraging its auth N/Z.
The following is a skeleton proposal of how we should proceed based on the constraints outlined above.
1) Refactor
OrganizationintoOrganizationReferencewhich should contain anOrganizationRepositoryand aUUID(the organization id). All existing domain repositories (e.g. alert, expression, etc.) should acceptOrganizationReferenceinstead ofOrganization. The class should offer abstracted look-up of the actualOrganization(via theOrganizationRepository).2) Create a
SessionManagerinterface andDefaultSessionManagerwhich is injected into the controllers via configuration (reference.conf). Remove theHttpRequesttoOrganizationtranslation fromOrganizationRepositoryand put it intoSessionManager. Except we'll nestOrganizationReferenceinside an internal model object calledProfile. Remove theOrganizationRepositoryfrom all controllers (they should not need it anymore).3) Create
UserReferencesimilar toOrganizationReference. Update theOrganizationRepositoryto allow a user's organization to be fetched. InDefaultSessionManagerlook for the user and organization id in the Play session cookie. If found, create a profile for those references. If not found, create a new user id and reference and query the organization repository for it.** Alternative here would be to create a
UserRepositoryto encapsulate the mapping of user to organization (even if they are backed by the same physical repository).4) Update the contract between the controllers and the
SessionManagerto allow theSessionManagerto:a) Pull headers/cookies from the request b) Write cookies to the reply c) Redirect the request w/o executing the remainder of the controller logic
**
DefaultSessionManagerwill only doa)andb); but a real session manager would request auth N before establishing the session.