@RestController @RequestMapping(value="/omero/session/create") @Scope(value="request") public class SessionController extends java.lang.Object
|Modifier and Type||Field and Description|
|Constructor and Description|
|Modifier and Type||Method and Description|
Opens a new OMERO session.
public static final java.lang.String CreateUrl
@RequestMapping(method=POST, consumes="application/json", produces="application/json") public org.springframework.http.ResponseEntity<java.lang.Object> create(@RequestBody CreateSessionRequest data)
This method creates a fresh session for the user specified in the
request object and keeps it alive for the
amount of time specified in the request object's keep-alive
field. The client can use the
session anytime before the specified amount of time elapses. Past that
time, if the client hasn't yet made any calls to the OMERO server using
this session, the session will be expired and no longer usable. Also
past that time, the client is responsible to keep the session alive, if
still needed. In any case, the client is responsible for closing the
This Web method can be useful when executing OMERO tasks on behalf of a user at a future time point. In such scenarios, the user asks some system (e.g. Smuggler) to execute an OMERO task (e.g. an import) sometime later, after they have logged out of OMERO. When the time comes to execute the task, the system in question will need a valid OMERO session but where to get one from? One option could be that the system provides its own OMERO logging form and somehow gets hold of the user to make them log in just before executing the task. This is often difficult or impractical. Another option could be that the system stores the user's password, but this is not secure. This Web method provides an alternative: create a session upfront and keep it alive until the time to execute the task comes.
Concerning security, it is also important to note that this method requires the client to pass in the user's password, so the connection should be properly secured using HTTPS. However, this Web method does not store the password, it discards it just after creating a new OMERO session.
This method returns a
200 HTTP message when all of the
following holds true:
The body of the returned message is a JSON-serialised
This method returns a
400 HTTP message when any of the
above conditions are not met. In this case, the body of the message is
a JSON-serialised instance of
Error which details the failure.