Session management through nubes

[asthanasid]

There are cookie examples but i could not find session management. Is there a way to ensure session management or Vertx-web session handler should be used? I would prefer not to write my own cookie for session management.

[aesteve]

iirc : simply declare Session as parameter of your method, and use it.

[asthanasid]

Nope. the method throws a null pointer exception for Session. I tried both, with and without explicitly setting a SessionHandler on the router. I could see in the nubes code that CookieHandler is being set but could not find anywhere in the code where a SessionHandler is being set. Is there an example i can use?

[aesteve]

I'll have a look tomorrow. Auth/Session is the only part of the code I didn't write myself.

(the only place a sessionhandler is set is when you're using an auth provider)

[aesteve]

"Version 1.1 should be available shortly" according to bintray.

You should be able to use the Session as a method parameter even though you're not using a built-in authentication mechanism.

Let me know if it suits your needs or not :)

[asthanasid]

Couple of things:

• I marked one of my controller methods with Auth annotation and other one was not marked. I did not provide any AuthProvider. Both paths were served. I was expecting it to throw an exception. Dont know if this is the way it should be
• I provided a ShiroAuth provider ( as this is what i want to use in my app ).
  • For the path not marked with Auth annotation, cookie vertx-web.session was not returned in response
  • For the path marked with Auth annotation, cookie vertx-web.session was correctly returned in response, however, re-visiting the unmarked path, the cookie was again not returned
• Is there any other way to provide authProvider or VertxNubes.setAuthProvider is the correct way

So my needs ( just to elaborate: would be happy to help, let me know)

• There should be an annotation way to tell this web app is session cookie enabled with or without auth . And once mentioned, all paths should be able to return vertx-web.session in response without explicitly mentioning so
• There should be a annotation way to configure an AuthProvider. Not a big issue to use set but for a library promoting Annotation, this would be more in tune :)
• If there are paths which are marked with @Auth if there is no AuthProvider set then it should throw an exception rather making the path unsecured.

Later today I will try to update the code which can highlight these issues for you

[aesteve]

OK. I'll try to rework the auth part completely.

I'm not using it myself (since I've always been using using custom authentication services) and as I mentionned earlier, I did not write this part of the code. I'm not happy with the way it's configured, too.

So I guess it's time (and OAuth2 support coming in vert.x 3.2 has to be added, too) to rewrite this part of Nubes properly.

For the cookie thing, I'll try to create a standard vertx-web app with an authenticated and a public route but I think the problem doesn't lie within Nubes.

I'll try to rethink everything related to auth from scratch. Again, that's not that easy since I've never used it myself.

[asthanasid]

And may be a login and logout handler annotation on a controller method because nubes is injecting the AuthProvider which is needed by the FormLoginHanlder

[asthanasid]

Would you be taking this up soon? Or can I get started on a fork?

[aesteve]

I'm in the middle of a move to another city, which means (aside a very very busy schedule) I probably won't be connected to the internet in the upcoming weeks.

If you feel like working on a fork, the licence allows it, so feel free, np at all,

I'll give it a look and help you as soon as I'm able to.

[asthanasid]

I will need some opinion! Don't to digress away from the library's core philosophy. For sessions, I am planning to add a type annotation SessionEnabled toVertxNubes and NubesServer. So a SessionHandler will be set on all routes if initialized as @SessionEnabled VertxNubes nubes = ...

Does it seem ok?

[aesteve]

That sounds good on a philosophical point of view :)

.Be careful with the implementation though, I guess if a route is already annotated with auth-realated stuff, the sessionhandler will be attached to the route (be careful you don't attach it twice in that case ;) )

Also, there are a ton of unit tests, you can run them to make sure you didn't break anything (there's ~85-90% code coverage). And also, make sure you compile the tests with the -parameters options (if you run them in your IDE for example) or some tests won't work.

Have fun :)