Overview of the WAM Session API
The WAM Session API enables you to control the sessions created when users are authenticated and customize their attributes for use by WAM-based components, agents, web pages, and so forth. Some practical uses of this API include:
Sending an e-mail or text message to an administrator based on the user/role of an authenticated user.
Setting user-specific session attributes queried from a database for use in customized web pages.
This API contains three main interfaces that may be of interest to WAM programmers:
Each WAM security domain has a session manager service, which creates and manages ManagedSession instances as users are authenticated. During its lifespan, a ManagedSession may have attributes added, updated, and removed.
It may also expire due to inactivity or close when the user logs out. WAM ManagedSessionEventHandlers can be registered with a security domain’s session manager service. They are notified whenever a ManagedSession is created, expired, or closed.
Figure 1 shows the relationship of high-level WAM components to WAM ManagedSessions and ManagedSessionEventHandlers.
Figure 1 - Relationship of ManagedSession and ManagedSessionEventHandler to security domain components
WAM managed session event handlers are registered within the
security-domain.xml. When the enclosing security domain is loaded,
each session event handler registered with a session manager service is loaded.
A session event handler is configured via its
initialize method and is given
a Config Object, which provides access to the following:
Configuration parameters as name/value pairs.
A ServiceFinder for finding and using WAM services.
The Logger for the enclosing security domain.
Session event handlers must implement the WAM managed session event handler
interface defined by class